From patchwork Thu Apr 9 07:08:58 2026
X-Patchwork-Submitter: Ankur Tyagi
X-Patchwork-Id: 85588
From: ankur.tyagi85@gmail.com
To: openembedded-devel@lists.openembedded.org
Cc: Ankur Tyagi
Subject: [oe][meta-oe][scarthgap][PATCH 1/22] abseil-cpp: ignore CVE-2025-0838
Date: Thu, 9 Apr 2026 19:08:58 +1200
Message-ID: <20260409070919.3968586-1-ankur.tyagi85@gmail.com>
X-Mailer: git-send-email 2.43.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126123
From: Ankur Tyagi The commit[1] mentioned in the NVD[2] is part of the current version[3]. [1] https://github.com/abseil/abseil-cpp/commit/5a0e2cb5e3958dd90bb8569a2766622cb74d90c1 [2] https://nvd.nist.gov/vuln/detail/CVE-2025-0838 [3] https://github.com/abseil/abseil-cpp/commit/54fac219c4ef0bc379dfffb0b8098725d77ac81b Signed-off-by: Ankur Tyagi --- meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_20240116.3.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_20240116.3.bb b/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_20240116.3.bb index a11b5cbb53..ff5aedb9c3 100644 --- a/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_20240116.3.bb +++ b/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_20240116.3.bb 
@@ -53,3 +53,5 @@ python split_dynamic_packages() { ALLOW_EMPTY:${PN} = "1" BBCLASSEXTEND = "native nativesdk" + +CVE_STATUS[CVE-2025-0838] = "cpe-incorrect: The current version (20240116.3) is not affected."
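Review bot: in abseil-cpp_20240116.3.bb, the CVE_STATUS reason says only "The current version (20240116.3) is not affected" and leaves out the evidence given in the commit message, namely that the commit 5a0e2cb5e3958dd90bb8569a2766622cb74d90c1 referenced by NVD is already part of the recipe's revision. Suggest putting that commit reference into the status text (or a comment above it) so the justification stays with the recipe, and dropping the hard-coded version string, which goes stale if the line is carried into a later recipe version.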
From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-oe][scarthgap][PATCH 2/22] freerdp3: fix CVE-2026-25941 Date: Thu, 9 Apr 2026 19:08:59 +1200 Message-ID: <20260409070919.3968586-2-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> References: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 07:09:42 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126124 From: Ankur Tyagi Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25941 Signed-off-by: Ankur Tyagi --- .../freerdp/freerdp3/CVE-2026-25941.patch | 28 +++++++++++++++++++ .../recipes-support/freerdp/freerdp3_3.4.0.bb | 1 + 2 files changed, 29 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-25941.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-25941.patch b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-25941.patch new file mode 100644 index 0000000000..8a072b9359 --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-25941.patch 
@@ -0,0 +1,28 @@ +From 52f2ae7b2377efc80abb742e452a8565372fd29e Mon Sep 17 00:00:00 2001 +From: Armin Novak +Date: Mon, 9 Feb 2026 13:18:51 +0100 +Subject: [PATCH] [channels,rdpgfx] check available stream length + +(cherry picked from commit 2e3b77e28ac6a398897d28ba464dcc5dfab9c9e2) + +CVE: CVE-2026-25941 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/2e3b77e28ac6a398897d28ba464dcc5dfab9c9e2] +Signed-off-by: Ankur Tyagi +--- + channels/rdpgfx/client/rdpgfx_main.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/channels/rdpgfx/client/rdpgfx_main.c b/channels/rdpgfx/client/rdpgfx_main.c +index dd59c8b23..c08436b40 100644 +--- a/channels/rdpgfx/client/rdpgfx_main.c ++++ b/channels/rdpgfx/client/rdpgfx_main.c +@@ -1371,7 +1371,8 @@ static UINT rdpgfx_recv_wire_to_surface_2_pdu(GENERIC_CHANNEL_CALLBACK* callback + Stream_Read_UINT8(s, pdu.pixelFormat); /* pixelFormat (1 byte) */ + Stream_Read_UINT32(s, pdu.bitmapDataLength); /* bitmapDataLength (4 bytes) */ + pdu.bitmapData = Stream_Pointer(s); +- Stream_Seek(s, pdu.bitmapDataLength); ++ if (!Stream_SafeSeek(s, pdu.bitmapDataLength)) ++ return ERROR_INVALID_DATA; + + DEBUG_RDPGFX(gfx->log, + "RecvWireToSurface2Pdu: surfaceId: %" PRIu16 " codecId: %s (0x%04" PRIX16 ") " diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb index 55cb356be2..f9e6f64e2f 100644 --- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb +++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb 
@@ -20,6 +20,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \ file://CVE-2024-32661.patch \ file://CVE-2024-32662.patch \ file://CVE-2025-4478.patch \ + file://CVE-2026-25941.patch \ " S = "${WORKDIR}/git"
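Review bot: in CVE-2026-25941.patch, the header's From line names commit 52f2ae7b2377efc80abb742e452a8565372fd29e while Upstream-Status: Backport links to 2e3b77e28ac6a398897d28ba464dcc5dfab9c9e2, the commit it was cherry-picked from. Please state which upstream branch 52f2ae7b... comes from, or link that commit as well, so the backport can be compared against the exact source it was taken from. In the code change itself, pdu.bitmapData is still captured with Stream_Pointer(s) before the Stream_SafeSeek check; that is fine as long as the early return with ERROR_INVALID_DATA stays the only path taken on failure.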
From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-oe][scarthgap][PATCH 3/22] freerdp3: fix CVE-2026-33952 Date: Thu, 9 Apr 2026 19:09:00 +1200 Message-ID: <20260409070919.3968586-3-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> References: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 07:09:42 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126125 From: Ankur Tyagi Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33952 Signed-off-by: Ankur Tyagi --- .../freerdp/freerdp3/CVE-2026-33952.patch | 38 +++++++++++++++++++ .../recipes-support/freerdp/freerdp3_3.4.0.bb | 1 + 2 files changed, 39 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-33952.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-33952.patch b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-33952.patch new file mode 100644 index 0000000000..925843f6b5 --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-33952.patch 
@@ -0,0 +1,38 @@ +From 30e05bdaf4096decf4ce0b1c448cd03c6786323b Mon Sep 17 00:00:00 2001 +From: Armin Novak +Date: Wed, 25 Mar 2026 09:04:43 +0100 +Subject: [PATCH] [core,gateway] Check rpcconn_common_hdr_t::auth_length is + valid + +Do sanity checks for rpcconn_common_hdr_t::auth_length read from +network, abort if the value is out of range. + +(cherry picked from commit 4ac0b6467d371a1ad47c1f751c5b305e4c068adb) + +CVE: CVE-2026-33952 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/4ac0b6467d371a1ad47c1f751c5b305e4c068adb] +Signed-off-by: Ankur Tyagi +--- + libfreerdp/core/gateway/rts.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/libfreerdp/core/gateway/rts.c b/libfreerdp/core/gateway/rts.c +index 2ba757815..9702582da 100644 +--- a/libfreerdp/core/gateway/rts.c ++++ b/libfreerdp/core/gateway/rts.c +@@ -253,6 +253,15 @@ BOOL rts_read_common_pdu_header(wStream* s, rpcconn_common_hdr_t* header, BOOL i + header->frag_length, sizeof(rpcconn_common_hdr_t)); + return FALSE; + } ++ if (header->auth_length > header->frag_length - 8ull) ++ { ++ if (!ignoreErrors) ++ WLog_WARN(TAG, ++ "Invalid header->auth_length(%" PRIu16 ") > header->frag_length(%" PRIu16 ++ ") - 8ull", ++ header->frag_length, header->auth_length); ++ return FALSE; ++ } + + if (!ignoreErrors) + { diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb index f9e6f64e2f..18795551ec 100644 --- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb +++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb 
@@ -21,6 +21,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \ file://CVE-2024-32662.patch \ file://CVE-2025-4478.patch \ file://CVE-2026-25941.patch \ + file://CVE-2026-33952.patch \ " S = "${WORKDIR}/git"
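Review bot: in the check added to rts_read_common_pdu_header() (CVE-2026-33952.patch), the WLog_WARN arguments are in the opposite order to the format string: the text prints header->auth_length first and header->frag_length second, but the call passes header->frag_length, header->auth_length. Both are PRIu16, so it compiles cleanly and logs the two values swapped, which will mislead anyone triaging a rejected PDU; the arguments should be header->auth_length, header->frag_length. If the upstream commit has the same order, it is worth reporting there as well. Note also that header->frag_length - 8ull relies on the preceding check against sizeof(rpcconn_common_hdr_t) to keep frag_length from being smaller than 8.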
From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-oe][scarthgap][PATCH 4/22] freerdp3: fix CVE-2026-23948 Date: Thu, 9 Apr 2026 19:09:01 +1200 Message-ID: <20260409070919.3968586-4-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> References: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 07:09:42 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126126 From: Ankur Tyagi Details: https://nvd.nist.gov/vuln/detail/CVE-2026-23948 Signed-off-by: Ankur Tyagi --- .../freerdp/freerdp3/CVE-2026-23948.patch | 55 +++++++++++++++++++ .../recipes-support/freerdp/freerdp3_3.4.0.bb | 1 + 2 files changed, 56 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-23948.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-23948.patch b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-23948.patch new file mode 100644 index 0000000000..4e232eae0c --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-23948.patch 
@@ -0,0 +1,55 @@ +From b5693e6cc688e7cd36016f53392998b1945ff7df Mon Sep 17 00:00:00 2001 +From: akallabeth +Date: Mon, 19 Jan 2026 20:11:24 +0100 +Subject: [PATCH] [core,info] fix missing NULL check + +CVE: CVE-2026-23948 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/4d44e3c097656a8b9ec696353647b0888ca45860] +Signed-off-by: Ankur Tyagi +--- + libfreerdp/core/info.c | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/libfreerdp/core/info.c b/libfreerdp/core/info.c +index 3395e4d2e..81e59a060 100644 +--- a/libfreerdp/core/info.c ++++ b/libfreerdp/core/info.c +@@ -1424,7 +1424,7 @@ static BOOL rdp_write_logon_info_v1(wStream* s, logon_info* info) + return TRUE; + } + +-static BOOL rdp_write_logon_info_v2(wStream* s, logon_info* info) ++static BOOL rdp_write_logon_info_v2(wStream* s, const logon_info* info) + { + size_t domainLen = 0; + size_t usernameLen = 0; +@@ -1439,11 +1439,13 @@ static BOOL rdp_write_logon_info_v2(wStream* s, logon_info* info) + */ + Stream_Write_UINT32(s, logonInfoV2Size); + Stream_Write_UINT32(s, info->sessionId); +- domainLen = strnlen(info->domain, UINT32_MAX); ++ if (info->domain) ++ domainLen = strnlen(info->domain, UINT32_MAX); + if (domainLen >= UINT32_MAX / sizeof(WCHAR)) + return FALSE; + Stream_Write_UINT32(s, (UINT32)(domainLen + 1) * sizeof(WCHAR)); +- usernameLen = strnlen(info->username, UINT32_MAX); ++ if (info->username) ++ usernameLen = strnlen(info->username, UINT32_MAX); + if (usernameLen >= UINT32_MAX / sizeof(WCHAR)) + return FALSE; + Stream_Write_UINT32(s, (UINT32)(usernameLen + 1) * sizeof(WCHAR)); +@@ -1510,10 +1512,11 @@ static BOOL rdp_write_logon_info_ex(wStream* s, logon_info_ex* info) + + BOOL rdp_send_save_session_info(rdpContext* context, UINT32 type, void* data) + { +- wStream* s = NULL; + BOOL status = 0; ++ ++ WINPR_ASSERT(context); + rdpRdp* rdp = context->rdp; +- s = rdp_data_pdu_init(rdp); ++ wStream* s = rdp_data_pdu_init(rdp); + + if (!s) + return 
FALSE; diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb index 18795551ec..c570e5fb7e 100644 --- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb +++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb 
@@ -22,6 +22,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \ file://CVE-2025-4478.patch \ file://CVE-2026-25941.patch \ file://CVE-2026-33952.patch \ + file://CVE-2026-23948.patch \ " S = "${WORKDIR}/git"
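Review bot: in rdp_write_logon_info_v2() (CVE-2026-23948.patch), the new NULL checks cover only the two strnlen() calls. With info->domain or info->username NULL the length stays 0 and the function goes on to write (domainLen + 1) * sizeof(WCHAR) as the field size; the code that then writes the strings themselves is outside the hunk. Please confirm that in 3.4.0 that later code also tolerates NULL, otherwise the dereference only moves further down the function. Separately, the patch header has no "(cherry picked from commit ...)" line and its From hash b5693e6c... differs from the Upstream-Status commit 4d44e3c0..., so a note on where it was taken from would help.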
From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-oe][scarthgap][PATCH 5/22] freerdp3: fix CVE-2026-24491 Date: Thu, 9 Apr 2026 19:09:02 +1200 Message-ID: <20260409070919.3968586-5-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> References: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 07:09:42 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126127 From: Ankur Tyagi Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24491 Signed-off-by: Ankur Tyagi --- .../freerdp/freerdp3/CVE-2026-24491.patch | 52 +++++++++++++++++++ .../recipes-support/freerdp/freerdp3_3.4.0.bb | 1 + 2 files changed, 53 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24491.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24491.patch b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24491.patch new file mode 100644 index 0000000000..958d030bfd --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24491.patch 
@@ -0,0 +1,52 @@ +From ef948ef4659f59c10a71083fa8cb5d5da77e94a9 Mon Sep 17 00:00:00 2001 +From: akallabeth +Date: Mon, 26 Jan 2026 10:06:29 +0100 +Subject: [PATCH] [channels,drdynvc] reset channel_callback before close + +The channel_callback usually frees up the memory of the callback. To +ensure that there is no access to any of the data structures in it +invalidate the pointer used to access it before a free. + +CVE: CVE-2026-24491 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/e02e052f6692550e539d10f99de9c35a23492db2] +Signed-off-by: Ankur Tyagi +--- + channels/drdynvc/client/drdynvc_main.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/channels/drdynvc/client/drdynvc_main.c b/channels/drdynvc/client/drdynvc_main.c +index 0b85c0fe3..64c83333a 100644 +--- a/channels/drdynvc/client/drdynvc_main.c ++++ b/channels/drdynvc/client/drdynvc_main.c +@@ -485,14 +485,13 @@ static UINT dvcman_channel_close(DVCMAN_CHANNEL* channel, BOOL perRequest, BOOL + channel->state = DVC_CHANNEL_CLOSED; + + IWTSVirtualChannelCallback* cb = channel->channel_callback; ++ channel->channel_callback = NULL; + if (cb) + { + check_open_close_receive(channel); + IFCALL(cb->OnClose, cb); + } + +- channel->channel_callback = NULL; +- + if (channel->dvcman && channel->dvcman->drdynvc) + { + if (context) +@@ -763,14 +762,13 @@ out: + */ + static UINT dvcman_open_channel(drdynvcPlugin* drdynvc, DVCMAN_CHANNEL* channel) + { +- IWTSVirtualChannelCallback* pCallback = NULL; + UINT error = CHANNEL_RC_OK; + + WINPR_ASSERT(drdynvc); + WINPR_ASSERT(channel); + if (channel->state == DVC_CHANNEL_RUNNING) + { +- pCallback = channel->channel_callback; ++ IWTSVirtualChannelCallback* pCallback = channel->channel_callback; + + if (pCallback->OnOpen) + { diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb index c570e5fb7e..e66a4ed4da 100644 --- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb 
+++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb 
@@ -23,6 +23,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \ file://CVE-2026-25941.patch \ file://CVE-2026-33952.patch \ file://CVE-2026-23948.patch \ + file://CVE-2026-24491.patch \ " S = "${WORKDIR}/git"
From patchwork Thu Apr 9 07:09:03 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85596
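Review bot: in the dvcman_channel_close hunk of CVE-2026-24491.patch (PATCH 5/22), check_open_close_receive(channel) is now called after channel->channel_callback = NULL, so the helper can no longer reach the callback through the channel. Its body is not part of this hunk; please confirm that in 3.4.0 it does not read or assert on channel->channel_callback, or pass cb to it explicitly. The dvcman_open_channel hunk only narrows the scope of pCallback and still dereferences pCallback->OnOpen without a NULL check; a guard there would keep the backport safe if a channel in DVC_CHANNEL_RUNNING state ever has a cleared callback.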
From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-oe][scarthgap][PATCH 6/22] freerdp3: fix CVE-2026-24675 Date: Thu, 9 Apr 2026 19:09:03 +1200 Message-ID: <20260409070919.3968586-6-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> References: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 07:09:52 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126128 From: Ankur Tyagi Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24675 Signed-off-by: Ankur Tyagi --- .../freerdp/freerdp3/CVE-2026-24675.patch | 32 +++++++++++++++++++ .../recipes-support/freerdp/freerdp3_3.4.0.bb | 1 + 2 files changed, 33 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24675.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24675.patch b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24675.patch new file mode 100644 index 0000000000..022c7f2e3e --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24675.patch 
@@ -0,0 +1,32 @@ +From be9e04d4060bd826eeb94dc0689d261391f74722 Mon Sep 17 00:00:00 2001 +From: akallabeth +Date: Mon, 26 Jan 2026 11:54:56 +0100 +Subject: [PATCH] [channels,urbdrc] do not free MsConfig on failure + +let the channel handle it later. + +(cherry picked from commit d676518809c319eec15911c705c13536036af2ae) + +CVE: CVE-2026-24675 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/d676518809c319eec15911c705c13536036af2ae] +Signed-off-by: Ankur Tyagi +--- + channels/urbdrc/client/data_transfer.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/channels/urbdrc/client/data_transfer.c b/channels/urbdrc/client/data_transfer.c +index 7a7e5a2b4..074a8c05b 100644 +--- a/channels/urbdrc/client/data_transfer.c ++++ b/channels/urbdrc/client/data_transfer.c +@@ -581,10 +581,8 @@ static UINT urb_select_interface(IUDEVICE* pdev, GENERIC_CHANNEL_CALLBACK* callb + MsConfig = pdev->get_MsConfig(pdev); + InterfaceNumber = MsInterface->InterfaceNumber; + if (!msusb_msinterface_replace(MsConfig, InterfaceNumber, MsInterface)) +- { +- msusb_msconfig_free(MsConfig); + return ERROR_BAD_CONFIGURATION; +- } ++ + /* complete configuration setup */ + if (!pdev->complete_msconfig_setup(pdev, MsConfig)) + { diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb index e66a4ed4da..c83d82b357 100644 --- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb +++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb 
@@ -24,6 +24,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \ file://CVE-2026-33952.patch \ file://CVE-2026-23948.patch \ file://CVE-2026-24491.patch \ + file://CVE-2026-24675.patch \ " S = "${WORKDIR}/git"
From patchwork Thu Apr 9 07:09:04 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85593
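Review bot: in the urb_select_interface hunk of CVE-2026-24675.patch (PATCH 6/22), the commit message "let the channel handle it later" does not say who owns MsConfig. The visible line MsConfig = pdev->get_MsConfig(pdev); shows the pointer is borrowed from pdev, so the removed msusb_msconfig_free(MsConfig) left pdev holding a freed object; stating that in the patch header would help later maintainers. The next failure branch, if (!pdev->complete_msconfig_setup(pdev, MsConfig)), opens at the end of the hunk with its body cut off: please check that it does not free MsConfig either in 3.4.0.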
From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-oe][scarthgap][PATCH 7/22] freerdp3: fix CVE-2026-24676 Date: Thu, 9 Apr 2026 19:09:04 +1200 Message-ID: <20260409070919.3968586-7-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> References: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 07:09:52 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126129 From: Ankur Tyagi Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24676 Signed-off-by: Ankur Tyagi --- .../freerdp/freerdp3/CVE-2026-24676.patch | 34 +++++++++++++++++++ .../recipes-support/freerdp/freerdp3_3.4.0.bb | 1 + 2 files changed, 35 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24676.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24676.patch b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24676.patch new file mode 100644 index 0000000000..30ca1c8a6c --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24676.patch 
@@ -0,0 +1,34 @@ +From 0a2248a4adbee77122270062bebe00143d3ee96a Mon Sep 17 00:00:00 2001 +From: akallabeth +Date: Mon, 26 Jan 2026 10:20:23 +0100 +Subject: [PATCH] [channels,audin] reset audin->format + +Whenever the underlying structure changes reset the pointer to NULL + +CVE: CVE-2026-24676 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/026b81ae5831ac1598d8f7371e0d0996fac7db00] +Signed-off-by: Ankur Tyagi +--- + channels/audin/client/audin_main.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/channels/audin/client/audin_main.c b/channels/audin/client/audin_main.c +index 1578d26ac..2c91d9f60 100644 +--- a/channels/audin/client/audin_main.c ++++ b/channels/audin/client/audin_main.c +@@ -206,6 +206,7 @@ static UINT audin_process_formats(AUDIN_PLUGIN* audin, AUDIN_CHANNEL_CALLBACK* c + } + + Stream_Seek_UINT32(s); /* cbSizeFormatsPacket */ ++ audin->format = NULL; + callback->formats = audio_formats_new(NumFormats); + + if (!callback->formats) +@@ -280,6 +281,7 @@ out: + + if (error != CHANNEL_RC_OK) + { ++ audin->format = NULL; + audio_formats_free(callback->formats, NumFormats); + callback->formats = NULL; + } diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb index c83d82b357..5f0a2536ae 100644 --- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb +++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb 
@@ -25,6 +25,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \ file://CVE-2026-23948.patch \ file://CVE-2026-24491.patch \ file://CVE-2026-24675.patch \ + file://CVE-2026-24676.patch \ " S = "${WORKDIR}/git"
From patchwork Thu Apr 9 07:09:05 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85595
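Review bot: both hunks of CVE-2026-24676.patch (PATCH 7/22) set audin->format = NULL, in audin_process_formats before audio_formats_new(NumFormats) and in the error path before audio_formats_free(callback->formats, NumFormats), but neither hunk shows the code that reads audin->format. After this change a reader can observe NULL between a format list update and the next format selection, so please confirm that the readers in 3.4.0 check for NULL before dereferencing, since the backport targets an older tree than the upstream commit.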
From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-oe][scarthgap][PATCH 8/22] freerdp3: ignore CVE-2026-24677 and CVE-2026-24678 Date: Thu, 9 Apr 2026 19:09:05 +1200 Message-ID: <20260409070919.3968586-8-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> References: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 07:09:52 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126130 From: Ankur Tyagi Both vulnerabilities exist in the functions which were added in version 3.6.0[1] Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24677 https://nvd.nist.gov/vuln/detail/CVE-2026-24678 [1] https://github.com/FreeRDP/FreeRDP/commit/a81d111ac4023d31e10ebf579fa34c93bf56bce5 Signed-off-by: Ankur Tyagi --- meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb index 5f0a2536ae..82b926f430 100644 --- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb +++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb
@@ -81,3 +81,5 @@ do_configure:append() { FILES:${PN} += "${datadir}" CVE_STATUS[CVE-2025-68118] = "not-applicable-platform: only affects Windows" +CVE_STATUS[CVE-2026-24677] = "cpe-incorrect: The current version (3.4.0) is not affected." +CVE_STATUS[CVE-2026-24678] = "cpe-incorrect: The current version (3.4.0) is not affected."
From patchwork Thu Apr 9 07:09:06 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85594
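Review bot: the two added CVE_STATUS lines in PATCH 8/22 give only "The current version (3.4.0) is not affected." as the reason, while the actual justification (the affected functions were added in 3.6.0, with the upstream commit link) lives only in the commit message. Suggest carrying that into the status text, for example "cpe-incorrect: affected functions were added in 3.6.0", so the recipe can be audited without the git log; a hard-coded 3.4.0 in the string also goes stale if the recipe file is renamed on a version bump.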
From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-oe][scarthgap][PATCH 9/22] freerdp3: fix CVE-2026-24679 Date: Thu, 9 Apr 2026 19:09:06 +1200 Message-ID: <20260409070919.3968586-9-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> References: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 07:09:52 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126131 From: Ankur Tyagi Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24679 Signed-off-by: Ankur Tyagi --- .../freerdp/freerdp3/CVE-2026-24679.patch | 44 +++++++++++++++++++ .../recipes-support/freerdp/freerdp3_3.4.0.bb | 1 + 2 files changed, 45 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24679.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24679.patch b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24679.patch new file mode 100644 index 0000000000..7829a63f03 --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24679.patch 
@@ -0,0 +1,44 @@ +From d128bdb4131634a7f877500da9fee4fee99bf019 Mon Sep 17 00:00:00 2001 +From: akallabeth +Date: Mon, 26 Jan 2026 10:59:39 +0100 +Subject: [PATCH] [channels,urbdrc] ensure InterfaceNumber is within range + +(cherry picked from commit 2d563a50be17c1b407ca448b1321378c0726dd31) + +CVE: CVE-2026-24679 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/2d563a50be17c1b407ca448b1321378c0726dd31] +Signed-off-by: Ankur Tyagi +--- + channels/urbdrc/client/libusb/libusb_udevice.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/channels/urbdrc/client/libusb/libusb_udevice.c b/channels/urbdrc/client/libusb/libusb_udevice.c +index c226eb806..ea12e55e0 100644 +--- a/channels/urbdrc/client/libusb/libusb_udevice.c ++++ b/channels/urbdrc/client/libusb/libusb_udevice.c +@@ -532,19 +532,19 @@ static int libusb_udev_select_interface(IUDEVICE* idev, BYTE InterfaceNumber, BY + int error = 0; + int diff = 0; + UDEVICE* pdev = (UDEVICE*)idev; +- URBDRC_PLUGIN* urbdrc = NULL; +- MSUSB_CONFIG_DESCRIPTOR* MsConfig = NULL; +- MSUSB_INTERFACE_DESCRIPTOR** MsInterfaces = NULL; + + if (!pdev || !pdev->urbdrc) + return -1; + +- urbdrc = pdev->urbdrc; +- MsConfig = pdev->MsConfig; ++ URBDRC_PLUGIN* urbdrc = pdev->urbdrc; ++ MSUSB_CONFIG_DESCRIPTOR* MsConfig = pdev->MsConfig; + + if (MsConfig) + { +- MsInterfaces = MsConfig->MsInterfaces; ++ if (InterfaceNumber >= MsConfig->NumInterfaces) ++ return -2; ++ ++ MSUSB_INTERFACE_DESCRIPTOR** MsInterfaces = MsConfig->MsInterfaces; + if (MsInterfaces) + { + WLog_Print(urbdrc->log, WLOG_INFO, diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb index 82b926f430..031cb4a665 100644 --- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb +++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb 
@@ -26,6 +26,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \ file://CVE-2026-24491.patch \ file://CVE-2026-24675.patch \ file://CVE-2026-24676.patch \ + file://CVE-2026-24679.patch \ " S = "${WORKDIR}/git"
From patchwork Thu Apr 9 07:09:07 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85599
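Review bot: the new range check in the libusb_udev_select_interface hunk of CVE-2026-24679.patch (PATCH 9/22) returns -2 (if (InterfaceNumber >= MsConfig->NumInterfaces) return -2;) where the existing early exit in the same function returns -1. The callers are outside this hunk; please confirm they treat any negative value as failure rather than comparing against -1. The check sits inside if (MsConfig), before MsInterfaces is read, which is the right place; the rest of the hunk only moves declarations to first use.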
From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-oe][scarthgap][PATCH 10/22] freerdp3: fix CVE-2026-24680 and CVE-2026-27950 Date: Thu, 9 Apr 2026 19:09:07 +1200 Message-ID: <20260409070919.3968586-10-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> References: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 07:10:02 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126132 From: Ankur Tyagi There was only an SDL2 client until commit[1] created SDL2 and SDL3 clients from version 3.6.0 onwards. [1] https://github.com/FreeRDP/FreeRDP/commit/8281186a6d9dad20e8345d85a1732e2974636555 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24680 https://nvd.nist.gov/vuln/detail/CVE-2026-27950 Signed-off-by: Ankur Tyagi --- .../CVE-2026-24680_CVE-2026-27950.patch | 24 +++++++++++++++++++ .../recipes-support/freerdp/freerdp3_3.4.0.bb | 1 + 2 files changed, 25 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24680_CVE-2026-27950.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24680_CVE-2026-27950.patch b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24680_CVE-2026-27950.patch new file mode 100644 index 0000000000..85179f74d9 --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24680_CVE-2026-27950.patch
@@ -0,0 +1,24 @@ +From a2e077bc8dea8a7d1b16b98f31b6f6fbc00c0c24 Mon Sep 17 00:00:00 2001 +From: akallabeth +Date: Mon, 26 Jan 2026 11:01:17 +0100 +Subject: [PATCH] [client,sdl] reset pointer after memory release + +CVE: CVE-2026-24680 CVE-2026-27950 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/c42ecbd183b001e76bfc3614cddfad0034acc758] +Signed-off-by: Ankur Tyagi +--- + client/SDL/sdl_pointer.cpp | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/client/SDL/sdl_pointer.cpp b/client/SDL/sdl_pointer.cpp +index ad8a4f316..a9203a20b 100644 +--- a/client/SDL/sdl_pointer.cpp ++++ b/client/SDL/sdl_pointer.cpp +@@ -63,6 +63,7 @@ static BOOL sdl_Pointer_New(rdpContext* context, rdpPointer* pointer) + &context->gdi->palette)) + { + winpr_aligned_free(ptr->data); ++ ptr->data = nullptr; + return FALSE; + } + diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb index 031cb4a665..08b1fb25e4 100644 --- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb +++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb 
@@ -27,6 +27,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \ file://CVE-2026-24675.patch \ file://CVE-2026-24676.patch \ file://CVE-2026-24679.patch \ + file://CVE-2026-24680_CVE-2026-27950.patch \ " S = "${WORKDIR}/git" From patchwork Thu Apr 9 07:09:08 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85597 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 998FDE9DE4F for ; Thu, 9 Apr 2026 07:10:02 +0000 (UTC) Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.127039.1775718595005545796 for ; Thu, 09 Apr 2026 00:09:55 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=gCY5yH2w; spf=pass (domain: gmail.com, ip: 209.85.210.178, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pf1-f178.google.com with SMTP id d2e1a72fcca58-82cf83bf375so295209b3a.0 for ; Thu, 09 Apr 2026 00:09:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775718594; x=1776323394; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Ax1BqT016sUeHoYihXxLmHXEtjpt7cDvSpuscu5nBqo=; b=gCY5yH2wfbTMfFcNdwuxilYY5qR0tAqZEDPlvpPQcNB1TeHT4OkhvAngRK5J+N3zmk M/IZYfSRZGR22deISbZNgrfQYW2o5HwIgJA+QjTpO/aLYT8Dk/nhnlBy+TNQIyBqc52y Z/Qj4XxYIucIJbXu+cepqSCATZ0WO4VZTbwnsmjwFdiEOTieq3L8vURTYPKuRZ+97kCW 9rDdcRprB2ZVU//Ynu3GTjTXainHGMwwHm+gHMsoutQoZ5KpRj9wQazGOPIBsB8qdK45 5Fdnk/425TIz+BGyKoA+wiGonzq131c4Lfwf9S7Gug3Th36aMS/m5pkW8ViL6MdExn6G Lnzg== X-Google-DKIM-Signature: v=1; 
From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-oe][scarthgap][PATCH 11/22] freerdp3: fix CVE-2026-24681 Date: Thu, 9 Apr 2026 19:09:08 +1200 Message-ID: <20260409070919.3968586-11-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> References: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 07:10:02 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126133 From: Ankur Tyagi Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24681 Signed-off-by: Ankur Tyagi --- .../freerdp/freerdp3/CVE-2026-24681.patch | 26 +++++++++++++++++++ .../recipes-support/freerdp/freerdp3_3.4.0.bb | 1 + 2 files changed, 27 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24681.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24681.patch b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24681.patch new file mode 100644 index 0000000000..5718543fc5 --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24681.patch 
@@ -0,0 +1,26 @@ +From 00579b7be58db6dc7bf70db4a005cfe9a9e73131 Mon Sep 17 00:00:00 2001 +From: akallabeth +Date: Mon, 26 Jan 2026 11:07:25 +0100 +Subject: [PATCH] [channels,urbdrc] cancel all usb transfers on channel close + +(cherry picked from commit 414f701464929c217f2509bcbd6d2c1f00f7ed73) + +CVE: CVE-2026-24681 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/414f701464929c217f2509bcbd6d2c1f00f7ed73] +Signed-off-by: Ankur Tyagi +--- + channels/urbdrc/client/libusb/libusb_udevice.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/channels/urbdrc/client/libusb/libusb_udevice.c b/channels/urbdrc/client/libusb/libusb_udevice.c +index ea12e55e0..0d0f54f0a 100644 +--- a/channels/urbdrc/client/libusb/libusb_udevice.c ++++ b/channels/urbdrc/client/libusb/libusb_udevice.c +@@ -1125,6 +1125,7 @@ static void libusb_udev_mark_channel_closed(IUDEVICE* idev) + const uint8_t devNr = idev->get_dev_number(idev); + + pdev->status |= URBDRC_DEVICE_CHANNEL_CLOSED; ++ pdev->iface.cancel_all_transfer_request(&pdev->iface); + urbdrc->udevman->unregister_udevice(urbdrc->udevman, busNr, devNr); + } + } diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb index 08b1fb25e4..43aabf797f 100644 --- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb +++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb 
@@ -28,6 +28,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \ file://CVE-2026-24676.patch \ file://CVE-2026-24679.patch \ file://CVE-2026-24680_CVE-2026-27950.patch \ + file://CVE-2026-24681.patch \ " S = "${WORKDIR}/git" From patchwork Thu Apr 9 07:09:09 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85600 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B3EC4E9DE51 for ; Thu, 9 Apr 2026 07:10:02 +0000 (UTC) Received: from mail-pf1-f172.google.com (mail-pf1-f172.google.com [209.85.210.172]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.127040.1775718597606306572 for ; Thu, 09 Apr 2026 00:09:57 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=LB5aZnRl; spf=pass (domain: gmail.com, ip: 209.85.210.172, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pf1-f172.google.com with SMTP id d2e1a72fcca58-82cef263bedso295883b3a.0 for ; Thu, 09 Apr 2026 00:09:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775718597; x=1776323397; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=jaFA53NeL6VCnUtNCyk6g5RbE0HHz7d6jRLUI8x43Kc=; b=LB5aZnRlyTkDgBDsxVGKoKoBMWdcICQFDIa4IImCU8WX7CMZz53K/1X6A4Je7W95zu Y2O+RvPM3kYn8RqXV482Dx58M1p1Z96/0fsfsPJWk6uIiFsoWmuR6SQOeAw7PMEe+6Ea hs5L2YYTWCH9ICpw0YB4dTs/r8Z1Sbo10ttMivAwdWhOSwt6YpYl5A1SxBKXEB8Ak6AG GW3rWX05q2L7DwHlhG8SFy+x8mhX/f4OFeo7ekK298AfMp08Njv/KAzGUU+sD+oz/jn3 /X9juksZ1kQcI0UdUZu2x3jJkfQ9xbJ9/fgAtd3zJHgFgxAqzwZYldgKxJ9Y/PaUbLpv vwCw== X-Google-DKIM-Signature: v=1; 
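Review bot: in libusb_udev_mark_channel_closed the new call `pdev->iface.cancel_all_transfer_request(&pdev->iface);` discards whatever the callback reports, and unregister_udevice runs on the next line regardless. If the cancel can fail or complete asynchronously, transfers may still be outstanding when the device is unregistered; check the result (or log it) and state in the patch description whether the cancel is synchronous.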
From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-oe][scarthgap][PATCH 12/22] freerdp3: fix CVE-2026-24682 Date: Thu, 9 Apr 2026 19:09:09 +1200 Message-ID: <20260409070919.3968586-12-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> References: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 07:10:02 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126134 From: Ankur Tyagi Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24682 Signed-off-by: Ankur Tyagi --- .../freerdp/freerdp3/CVE-2026-24682.patch | 31 +++++++++++++++++++ .../recipes-support/freerdp/freerdp3_3.4.0.bb | 1 + 2 files changed, 32 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24682.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24682.patch b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24682.patch new file mode 100644 index 0000000000..245c3e617c --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24682.patch 
@@ -0,0 +1,31 @@ +From 603f5b79dc142626baed8df6b9abb23d390dfc4e Mon Sep 17 00:00:00 2001 +From: akallabeth +Date: Mon, 26 Jan 2026 10:14:08 +0100 +Subject: [PATCH] [channels,audin] fix audin_server_recv_formats cleanup + +(cherry picked from commit 1c5c74223179d425a1ce6dbbb6a3dd2a958b7aee) + +CVE: CVE-2026-24682 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/1c5c74223179d425a1ce6dbbb6a3dd2a958b7aee] +Signed-off-by: Ankur Tyagi +--- + channels/audin/server/audin.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +diff --git a/channels/audin/server/audin.c b/channels/audin/server/audin.c +index d67937ab7..f0bf96464 100644 +--- a/channels/audin/server/audin.c ++++ b/channels/audin/server/audin.c +@@ -128,11 +128,7 @@ static UINT audin_server_recv_formats(audin_server_context* context, wStream* s, + AUDIO_FORMAT* format = &pdu.SoundFormats[i]; + + if (!audio_format_read(s, format)) +- { +- WLog_Print(audin->log, WLOG_ERROR, "Failed to read audio format"); +- audio_formats_free(pdu.SoundFormats, i + i); +- return ERROR_INVALID_DATA; +- } ++ goto fail; + + audio_format_print(audin->log, WLOG_DEBUG, format); + } diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb index 43aabf797f..8e53c47103 100644 --- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb +++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb 
@@ -29,6 +29,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \ file://CVE-2026-24679.patch \ file://CVE-2026-24680_CVE-2026-27950.patch \ file://CVE-2026-24681.patch \ + file://CVE-2026-24682.patch \ " S = "${WORKDIR}/git" From patchwork Thu Apr 9 07:09:10 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85598 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8ED44E9DE4D for ; Thu, 9 Apr 2026 07:10:02 +0000 (UTC) Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com [209.85.210.174]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.127044.1775718600511784501 for ; Thu, 09 Apr 2026 00:10:00 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=Dk6PEAuH; spf=pass (domain: gmail.com, ip: 209.85.210.174, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pf1-f174.google.com with SMTP id d2e1a72fcca58-82d561b3689so246700b3a.0 for ; Thu, 09 Apr 2026 00:10:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775718600; x=1776323400; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Ugb08wCS9A8Uwmfi61Ch4OYk4J/af59fOo+gX2ILv6s=; b=Dk6PEAuH9P2mroNHPC/DKVI9lQYkfZQu1tTpJHZyf+yst7IoI0ZkFEn3RtOIVYtc25 aI2IBy2STERtRWwtoZD03FE1mav26tEFBGjJR5punsn7q/WGBKOM7dPxbeHaxfYM0nry EtAbeh61l8NI7aeWiLbBQxFUVvfEYTzcneMzUnRfeT3oDRtcdpdTZQgcqD0WEbVOXari D371mL2TeWYh/nTmqDmyOpxrPeRkOzBdhYj9rZYPxtswS5qQ/pwoQXLNYmLiAMOZIt2n DSPWxkuPgRI0oQOMz44JxU26v3JJRlgkbj5fMXPsNrTvMjSYOgdBj1aeI226AVnVLJNO e85w== X-Google-DKIM-Signature: v=1; 
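Review bot: the audio_format_read failure branch in audin_server_recv_formats now does a bare `goto fail;`, where the removed code returned ERROR_INVALID_DATA explicitly, and the fail label is outside the hunk. Confirm that the value returned at fail is an error code on this path and that the cleanup there frees pdu.SoundFormats with the correct count (the removed call passed `i + i`). The removed WLog_Print also means this failure is no longer logged here unless fail does so.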
From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-oe][scarthgap][PATCH 13/22] freerdp3: fix CVE-2026-24683 Date: Thu, 9 Apr 2026 19:09:10 +1200 Message-ID: <20260409070919.3968586-13-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> References: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 07:10:02 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126135 From: Ankur Tyagi Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24683 Signed-off-by: Ankur Tyagi --- .../freerdp/freerdp3/CVE-2026-24683.patch | 114 ++++++++++++++++++ .../recipes-support/freerdp/freerdp3_3.4.0.bb | 1 + 2 files changed, 115 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24683.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24683.patch b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24683.patch new file mode 100644 index 0000000000..8d24931b3d --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24683.patch 
@@ -0,0 +1,114 @@ +From da05a4039644b0821c0a61806d40688ac08f3ce0 Mon Sep 17 00:00:00 2001 +From: akallabeth +Date: Mon, 26 Jan 2026 12:08:48 +0100 +Subject: [PATCH] [channels,ainput] lock context when updating listener + +(cherry picked from commit d9ca272dce7a776ab475e9b1a8e8c3d2968c8486) + +CVE: CVE-2026-24683 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/d9ca272dce7a776ab475e9b1a8e8c3d2968c8486] +Signed-off-by: Ankur Tyagi +--- + channels/ainput/client/ainput_main.c | 36 ++++++++++++++++++++-------- + 1 file changed, 26 insertions(+), 10 deletions(-) + +diff --git a/channels/ainput/client/ainput_main.c b/channels/ainput/client/ainput_main.c +index 1a2128dcc..5f66cf90e 100644 +--- a/channels/ainput/client/ainput_main.c ++++ b/channels/ainput/client/ainput_main.c +@@ -45,6 +45,7 @@ struct AINPUT_PLUGIN_ + AInputClientContext* context; + UINT32 MajorVersion; + UINT32 MinorVersion; ++ CRITICAL_SECTION lock; + }; + + /** +@@ -85,18 +86,15 @@ static UINT ainput_on_data_received(IWTSVirtualChannelCallback* pChannelCallback + + static UINT ainput_send_input_event(AInputClientContext* context, UINT64 flags, INT32 x, INT32 y) + { +- AINPUT_PLUGIN* ainput = NULL; +- GENERIC_CHANNEL_CALLBACK* callback = NULL; + BYTE buffer[32] = { 0 }; +- UINT64 time = 0; + wStream sbuffer = { 0 }; + wStream* s = Stream_StaticInit(&sbuffer, buffer, sizeof(buffer)); + + WINPR_ASSERT(s); + WINPR_ASSERT(context); + +- time = GetTickCount64(); +- ainput = (AINPUT_PLUGIN*)context->handle; ++ const UINT64 time = GetTickCount64(); ++ AINPUT_PLUGIN* ainput = (AINPUT_PLUGIN*)context->handle; + WINPR_ASSERT(ainput); + + if (ainput->MajorVersion != AINPUT_VERSION_MAJOR) +@@ -105,8 +103,6 @@ static UINT ainput_send_input_event(AInputClientContext* context, UINT64 flags, + ainput->MajorVersion, ainput->MinorVersion); + return CHANNEL_RC_UNSUPPORTED_VERSION; + } +- callback = ainput->base.listener_callback->channel_callback; +- WINPR_ASSERT(callback); + + { + char ebuffer[128] = { 
0 }; +@@ -125,10 +121,15 @@ static UINT ainput_send_input_event(AInputClientContext* context, UINT64 flags, + Stream_SealLength(s); + + /* ainput back what we have received. AINPUT does not have any message IDs. */ ++ EnterCriticalSection(&ainput->lock); ++ GENERIC_CHANNEL_CALLBACK* callback = ainput->base.listener_callback->channel_callback; ++ WINPR_ASSERT(callback); + WINPR_ASSERT(callback->channel); + WINPR_ASSERT(callback->channel->Write); +- return callback->channel->Write(callback->channel, (ULONG)Stream_Length(s), Stream_Buffer(s), +- NULL); ++ const UINT rc = callback->channel->Write(callback->channel, (ULONG)Stream_Length(s), ++ Stream_Buffer(s), NULL); ++ LeaveCriticalSection(&ainput->lock); ++ return rc; + } + + /** +@@ -140,8 +141,16 @@ static UINT ainput_on_close(IWTSVirtualChannelCallback* pChannelCallback) + { + GENERIC_CHANNEL_CALLBACK* callback = (GENERIC_CHANNEL_CALLBACK*)pChannelCallback; + +- free(callback); ++ if (callback) ++ { ++ AINPUT_PLUGIN* ainput = (AINPUT_PLUGIN*)callback->plugin; ++ WINPR_ASSERT(ainput); + ++ /* Lock here to ensure that no ainput_send_input_event is in progress. */ ++ EnterCriticalSection(&ainput->lock); ++ free(callback); ++ LeaveCriticalSection(&ainput->lock); ++ } + return CHANNEL_RC_OK; + } + +@@ -155,14 +164,21 @@ static UINT init_plugin_cb(GENERIC_DYNVC_PLUGIN* base, rdpContext* rcontext, rdp + context->handle = (void*)base; + context->AInputSendInputEvent = ainput_send_input_event; + ++ InitializeCriticalSection(&ainput->lock); ++ ++ EnterCriticalSection(&ainput->lock); + ainput->context = context; + ainput->base.iface.pInterface = context; ++ LeaveCriticalSection(&ainput->lock); + return CHANNEL_RC_OK; + } + + static void terminate_plugin_cb(GENERIC_DYNVC_PLUGIN* base) + { + AINPUT_PLUGIN* ainput = (AINPUT_PLUGIN*)base; ++ WINPR_ASSERT(ainput); ++ ++ DeleteCriticalSection(&ainput->lock); + free(ainput->context); + } + 
diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb index 8e53c47103..715354768a 100644 --- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb +++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb 
@@ -30,6 +30,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \ file://CVE-2026-24680_CVE-2026-27950.patch \ file://CVE-2026-24681.patch \ file://CVE-2026-24682.patch \ + file://CVE-2026-24683.patch \ " S = "${WORKDIR}/git" From patchwork Thu Apr 9 07:09:11 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85604 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 05B8FE9DE57 for ; Thu, 9 Apr 2026 07:10:13 +0000 (UTC) Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com [209.85.210.173]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.127045.1775718602995238363 for ; Thu, 09 Apr 2026 00:10:03 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=mh+/VfnP; spf=pass (domain: gmail.com, ip: 209.85.210.173, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pf1-f173.google.com with SMTP id d2e1a72fcca58-82cec955160so463257b3a.0 for ; Thu, 09 Apr 2026 00:10:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775718602; x=1776323402; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=eSOVxLbF2yRNmXldt/BPWNnzpP+B5RUCUgYv/Jai+SI=; b=mh+/VfnPkJJWA6GnKuMki2oGcvuWQtZRO8Om1dSF8iVz1qTknMZ4/2C1Piu8kICpTo bAtwWBtl+syrDGrMIiHuS2jEsLs6n1qOAkMGjFFIMxrMDQDQpfBDUMqjk3gHvIeG8kHQ hoH8gSyaxY3HYoSe7Coi98/CXeVf1mOvLO5SEfcJZajjb6Xp2u2NVTYhX5a9V9Dk9ocP hWTQFs1ULJXM6P/7kKKq02W5BQX8qfCsL8HA2F/MzR4hD8dLgiPzQWX5xqzdTnTK+e8s +KkVQX1C5IrL7bnJ7hG+3HgHYiv6T3W55PsZejQjcqlkkEJSVmZGHEbhNwNqCEmUftfk butQ== X-Google-DKIM-Signature: v=1; 
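Review bot: in ainput_send_input_event the callback pointer is now read under the lock, but it is still guarded only by WINPR_ASSERT(callback) and the two asserts that follow. After ainput_on_close has freed the callback, a later send needs a runtime check that returns an error and leaves the critical section; an assert either aborts while the lock is held or, if asserts are compiled out, lets the Write call proceed on a stale pointer.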
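Review bot: ainput_on_close frees callback inside the critical section, but nothing in this hunk clears the pointer that ainput_send_input_event reads back from ainput->base.listener_callback->channel_callback. The lock orders the free against an in-flight Write; it does not stop the next send from loading the freed address. Set that field to NULL before LeaveCriticalSection, or point to where the generic channel code already does so.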
From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-oe][scarthgap][PATCH 14/22] freerdp3: fix CVE-2026-29774 Date: Thu, 9 Apr 2026 19:09:11 +1200 Message-ID: <20260409070919.3968586-14-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> References: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 07:10:13 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126136 From: Ankur Tyagi Details: https://nvd.nist.gov/vuln/detail/CVE-2026-29774 Signed-off-by: Ankur Tyagi --- .../freerdp/freerdp3/CVE-2026-29774.patch | 75 +++++++++++++++++++ .../recipes-support/freerdp/freerdp3_3.4.0.bb | 1 + 2 files changed, 76 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-29774.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-29774.patch b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-29774.patch new file mode 100644 index 0000000000..aaf83fd90c --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-29774.patch 
@@ -0,0 +1,75 @@ +From b590224c94effa3104a2db98a59478a9c4ed6f02 Mon Sep 17 00:00:00 2001 +From: Armin Novak +Date: Sat, 28 Feb 2026 11:38:23 +0100 +Subject: [PATCH] [codec,h264] validate rectangles before use + +CVE: CVE-2026-29774 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/6482b7a92fff3959582cef052d1967ad6bde3738] +Signed-off-by: Ankur Tyagi +--- + libfreerdp/codec/h264.c | 38 ++++++++++++++++++++++++++++++++++++++ + 1 file changed, 38 insertions(+) + +diff --git a/libfreerdp/codec/h264.c b/libfreerdp/codec/h264.c +index 718bd2ccf..13d592600 100644 +--- a/libfreerdp/codec/h264.c ++++ b/libfreerdp/codec/h264.c +@@ -91,6 +91,36 @@ BOOL avc420_ensure_buffer(H264_CONTEXT* h264, UINT32 stride, UINT32 width, UINT3 + return TRUE; + } + ++static BOOL isRectValid(UINT32 width, UINT32 height, const RECTANGLE_16* rect) ++{ ++ WINPR_ASSERT(rect); ++ if (rect->left > width) ++ return FALSE; ++ if (rect->right > width) ++ return FALSE; ++ if (rect->left >= rect->right) ++ return FALSE; ++ if (rect->top > height) ++ return FALSE; ++ if (rect->bottom > height) ++ return FALSE; ++ if (rect->top >= rect->bottom) ++ return FALSE; ++ return TRUE; ++} ++ ++static BOOL areRectsValid(UINT32 width, UINT32 height, const RECTANGLE_16* rects, UINT32 count) ++{ ++ WINPR_ASSERT(rects || (count == 0)); ++ for (size_t x = 0; x < count; x++) ++ { ++ const RECTANGLE_16* rect = &rects[x]; ++ if (!isRectValid(width, height, rect)) ++ return FALSE; ++ } ++ return TRUE; ++} ++ + INT32 avc420_decompress(H264_CONTEXT* h264, const BYTE* pSrcData, UINT32 SrcSize, BYTE* pDstData, + DWORD DstFormat, UINT32 nDstStep, UINT32 nDstWidth, UINT32 nDstHeight, + const RECTANGLE_16* regionRects, UINT32 numRegionRects) +@@ -101,6 +131,9 @@ INT32 avc420_decompress(H264_CONTEXT* h264, const BYTE* pSrcData, UINT32 SrcSize + if (!h264 || h264->Compressor) + return -1001; + ++ if (!areRectsValid(nDstWidth, nDstHeight, regionRects, numRegionRects)) ++ return -1013; ++ + status = 
h264->subsystem->Decompress(h264, pSrcData, SrcSize); + + if (status == 0) +@@ -523,6 +556,11 @@ INT32 avc444_decompress(H264_CONTEXT* h264, BYTE op, const RECTANGLE_16* regionR + if (!h264 || !regionRects || !pSrcData || !pDstData || h264->Compressor) + return -1001; + ++ if (!areRectsValid(nDstWidth, nDstHeight, regionRects, numRegionRects)) ++ return -1013; ++ if (!areRectsValid(nDstWidth, nDstHeight, auxRegionRects, numAuxRegionRect)) ++ return -1014; ++ + switch (op) + { + case 0: /* YUV420 in stream 1 diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb index 715354768a..f92d824d66 100644 --- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb +++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb 
@@ -31,6 +31,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \ file://CVE-2026-24681.patch \ file://CVE-2026-24682.patch \ file://CVE-2026-24683.patch \ + file://CVE-2026-29774.patch \ " S = "${WORKDIR}/git" From patchwork Thu Apr 9 07:09:12 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85601 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D4C8DE9DE50 for ; Thu, 9 Apr 2026 07:10:12 +0000 (UTC) Received: from mail-pf1-f171.google.com (mail-pf1-f171.google.com [209.85.210.171]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.127047.1775718605538404502 for ; Thu, 09 Apr 2026 00:10:05 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=m/h+Gk6A; spf=pass (domain: gmail.com, ip: 209.85.210.171, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pf1-f171.google.com with SMTP id d2e1a72fcca58-82ce49785a0so271277b3a.2 for ; Thu, 09 Apr 2026 00:10:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775718605; x=1776323405; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=73q0c6VlcWOO0PmEZx+/mZLEDrP9nodvH+yPDRS92JU=; b=m/h+Gk6AM8NLgeimdR828gqR2d/DgzF/7GOpn687kEq6+FdsUn623GLQZj9EhmYEhs ipEW1DGsUc9PPFRqa1Lxk6HPx02blHcYx+qVZsBZbL8q4Grv1WJ+gBWbUzrnHrnuILJA eb7zlRcPXrCRgEYd/0aTJexgQj8gh3lkllK8e7ILzvzWldaVB8pk16GpmIB0v65izppQ OnWf55+8VN0akdildBMrdvcFSkWhzdGWMGC2poV+NwIZa6y28XakRtZDXWk6Qi3Pmy0b zKLa+iz9QRKRS1Bi2gVtfB6nmPq+IH0nEofQ33he9rhk0lX/6QtZilfNV0sTTUy2ufSC g7Ww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; 
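Review bot: areRectsValid guards a NULL array with `WINPR_ASSERT(rects || (count == 0));`, and avc420_decompress calls it without the !regionRects test that avc444_decompress has. For input validation this should be a runtime check that returns FALSE, so a NULL pointer with a non-zero count yields -1013 instead of depending on assert behaviour. Also note that isRectValid rejects empty rectangles (left == right or top == bottom), which fails the whole decompress call; say in the patch description if that is intended.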
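Review bot: avc444_decompress validates auxRegionRects unconditionally before the `switch (op)`. If some op values never use the auxiliary stream, a caller passing unused aux rectangles would now get -1014; consider validating the aux list only in the cases that consume it. The new return codes -1013 and -1014 should be documented alongside the existing -1001.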
From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-oe][scarthgap][PATCH 15/22] freerdp3: fix CVE-2026-29775 Date: Thu, 9 Apr 2026 19:09:12 +1200 Message-ID: <20260409070919.3968586-15-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> References: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 07:10:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126137 From: Ankur Tyagi Details: https://nvd.nist.gov/vuln/detail/CVE-2026-29775 Signed-off-by: Ankur Tyagi --- .../freerdp/freerdp3/CVE-2026-29775.patch | 30 +++++++++++++++++++ .../recipes-support/freerdp/freerdp3_3.4.0.bb | 1 + 2 files changed, 31 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-29775.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-29775.patch b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-29775.patch new file mode 100644 index 0000000000..584481e330 --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-29775.patch 
@@ -0,0 +1,30 @@ +From e4bfcb3197787e7af4246366b643c16de99f56a2 Mon Sep 17 00:00:00 2001 +From: Armin Novak +Date: Sat, 28 Feb 2026 11:38:55 +0100 +Subject: [PATCH] [cache,bitmap] overallocate bitmap cache + +(cherry picked from commit ffad58fd2b329efd81a3239e9d7e3c927b8e503f) + +CVE: CVE-2026-29775 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/ffad58fd2b329efd81a3239e9d7e3c927b8e503f] +Signed-off-by: Ankur Tyagi +--- + libfreerdp/cache/bitmap.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/libfreerdp/cache/bitmap.c b/libfreerdp/cache/bitmap.c +index dd5ae1d71..0d694dd3f 100644 +--- a/libfreerdp/cache/bitmap.c ++++ b/libfreerdp/cache/bitmap.c +@@ -364,7 +364,10 @@ rdpBitmapCache* bitmap_cache_new(rdpContext* context) + const UINT32 BitmapCacheV2NumCells = + freerdp_settings_get_uint32(settings, FreeRDP_BitmapCacheV2NumCells); + bitmapCache->context = context; +- bitmapCache->cells = (BITMAP_V2_CELL*)calloc(BitmapCacheV2NumCells, sizeof(BITMAP_V2_CELL)); ++ ++ /* overallocate by 1. older RDP servers do send a off by 1 cache index. */ ++ bitmapCache->cells = ++ (BITMAP_V2_CELL*)calloc(BitmapCacheV2NumCells + 1ull, sizeof(BITMAP_V2_CELL)); + + if (!bitmapCache->cells) + goto fail; diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb index f92d824d66..e3d71ee854 100644 --- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb +++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb 
@@ -32,6 +32,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \ file://CVE-2026-24682.patch \ file://CVE-2026-24683.patch \ file://CVE-2026-29774.patch \ + file://CVE-2026-29775.patch \ " S = "${WORKDIR}/git" From patchwork Thu Apr 9 07:09:13 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85605 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E9912E9DE55 for ; Thu, 9 Apr 2026 07:10:12 +0000 (UTC) Received: from mail-pf1-f172.google.com (mail-pf1-f172.google.com [209.85.210.172]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.127051.1775718608055543459 for ; Thu, 09 Apr 2026 00:10:08 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=OFJ2GcaI; spf=pass (domain: gmail.com, ip: 209.85.210.172, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pf1-f172.google.com with SMTP id d2e1a72fcca58-82d029fd52eso412525b3a.2 for ; Thu, 09 Apr 2026 00:10:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775718607; x=1776323407; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=MluIiMAFJnPiWV2piK28yOe5zeJIFIbdnF16261BZDk=; b=OFJ2GcaI/i/JzXaKb51x2/Lwo0ym0mDYFug9f9sjopwEiqudDW7e5B42vMS/gT5T8G iLaaZ2c/9MCo1FZMmOMjGz8Wz4g/MeysLSZrb79YB1JK9DbSJ8uAnZ73yAxWaXiajH6l O8pUKVty11iR5QLt8K+1cW1/Ryy0QQzOFEP4Ged6K/mziHcnnpIyJe5/UEloR/4h+bF7 qYc2RDK2FwYuQvy8r7kglWSme2oDmLSEpVPyBTyjxXhQNuOHNQGoTbLyE9OTkRS+IriW FqkXoP7rrzRtH704WG2LMdkkK5jBAUJWoOSquNM0NS2KmBuyahxCJkXnSngWRsy/tZ0y D8Bg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; 
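Review bot: in CVE-2026-29775.patch, the `bitmap_cache_new` hunk in libfreerdp/cache/bitmap.c only enlarges the `cells` array by one element; nothing in the visible lines bounds the cache index itself, so an index above `BitmapCacheV2NumCells` would still fall outside the allocation. Please confirm that the 3.4.0 code paths that index `cells` reject anything larger than `BitmapCacheV2NumCells`, and say in the commit message whether the upstream fix relies on a check elsewhere. A smaller point: `BitmapCacheV2NumCells + 1ull` is a 64-bit value handed to `calloc`, so on 32-bit targets a setting of UINT32_MAX would truncate to a zero-element request.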
From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-oe][scarthgap][PATCH 16/22] freerdp3: fix CVE-2026-29776 Date: Thu, 9 Apr 2026 19:09:13 +1200 Message-ID: <20260409070919.3968586-16-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> References: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 07:10:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126138 From: Ankur Tyagi Details: https://nvd.nist.gov/vuln/detail/CVE-2026-29776 Signed-off-by: Ankur Tyagi --- .../freerdp/freerdp3/CVE-2026-29776.patch | 30 +++++++++++++++++++ .../recipes-support/freerdp/freerdp3_3.4.0.bb | 1 + 2 files changed, 31 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-29776.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-29776.patch b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-29776.patch new file mode 100644 index 0000000000..0ab2114670 --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-29776.patch 
@@ -0,0 +1,30 @@ +From 145c0c5f048894e4a7d09a4465eab7551f035bb0 Mon Sep 17 00:00:00 2001 +From: Armin Novak +Date: Tue, 3 Mar 2026 13:58:09 +0100 +Subject: [PATCH] [core,orders] improve input validation + +check length before subtracting. Might underflow and be cought by the +next check, but lets be strict. + +(cherry picked from commit a9e0abf2eac8c2e370fa155bf1abb9d044c0ca8a) + +CVE: CVE-2026-29776 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/a9e0abf2eac8c2e370fa155bf1abb9d044c0ca8a] +Signed-off-by: Ankur Tyagi +--- + libfreerdp/core/orders.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/libfreerdp/core/orders.c b/libfreerdp/core/orders.c +index 855b700ac..a9d779418 100644 +--- a/libfreerdp/core/orders.c ++++ b/libfreerdp/core/orders.c +@@ -2214,6 +2214,8 @@ static CACHE_BITMAP_ORDER* update_read_cache_bitmap_order(rdpUpdate* update, wSt + goto fail; + + Stream_Read(s, bitmapComprHdr, 8); /* bitmapComprHdr (8 bytes) */ ++ if (cache_bitmap->bitmapLength < 8) ++ goto fail; + cache_bitmap->bitmapLength -= 8; + } + } diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb index e3d71ee854..74f80ee948 100644 --- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb +++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb 
@@ -33,6 +33,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \ file://CVE-2026-24683.patch \ file://CVE-2026-29774.patch \ file://CVE-2026-29775.patch \ + file://CVE-2026-29776.patch \ " S = "${WORKDIR}/git" From patchwork Thu Apr 9 07:09:14 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85602 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E1E85E9DE4F for ; Thu, 9 Apr 2026 07:10:12 +0000 (UTC) Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com [209.85.210.177]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.127053.1775718610284794894 for ; Thu, 09 Apr 2026 00:10:10 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=qTGAY/UD; spf=pass (domain: gmail.com, ip: 209.85.210.177, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pf1-f177.google.com with SMTP id d2e1a72fcca58-82cebbdab08so493576b3a.2 for ; Thu, 09 Apr 2026 00:10:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775718609; x=1776323409; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=8zvRK2L77iok/pCkfjGfuOusCt5Ua4baQaFE+K/6yTw=; b=qTGAY/UDUTzPxctGh7/w5LavejNsx5Dmx7littlgh7NNhwV2D6FXj0aB7HULuCxvh5 dkzEPp+zxgs1H6jKR8LxeM62D6w0PSTv0SGkg021Wmv/E9MScjyiPU8iUJtdAY/nYv/G YBqgS3ZjsGif9guxOWTB9Egg6+Y8JmKUO+WeDWaRdt7axLdtgjXcTS+8R44veIgja3OK j3EGw12MK88UdPjFC+GP0JQXcF19rgWXole2C42EffTqcMNNKhAKJE3jApYFeiZVKyTt cJl1s01ENwI+IfBTuP2BOtGavvjx7Fto4UbqV6i+Sg+y4A6vv4d0igKcKI4om4u/QK57 W2eQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; 
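Review bot: in CVE-2026-29776.patch, the new `bitmapLength < 8` test in `update_read_cache_bitmap_order` sits after `Stream_Read(s, bitmapComprHdr, 8)`, so the 8-byte header is consumed before the length field is validated. Placing the check ahead of the read would keep validation in front of parsing; both orders end in the same `goto fail`, so keeping the upstream order is acceptable for a backport, but the recipe commit message should say that the patch is taken unmodified.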
From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-oe][scarthgap][PATCH 17/22] freerdp3: fix CVE-2026-31806 Date: Thu, 9 Apr 2026 19:09:14 +1200 Message-ID: <20260409070919.3968586-17-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> References: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 07:10:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126139 From: Ankur Tyagi Details: https://nvd.nist.gov/vuln/detail/CVE-2026-31806 Signed-off-by: Ankur Tyagi --- .../freerdp/freerdp3/CVE-2026-31806.patch | 36 +++++++++++++++++++ .../recipes-support/freerdp/freerdp3_3.4.0.bb | 1 + 2 files changed, 37 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-31806.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-31806.patch b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-31806.patch new file mode 100644 index 0000000000..112a924d83 --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-31806.patch 
@@ -0,0 +1,36 @@ +From 9bf461ad116d081134adf37da9d6faa9459d1ad6 Mon Sep 17 00:00:00 2001 +From: Armin Novak +Date: Mon, 9 Mar 2026 08:11:19 +0100 +Subject: [PATCH] [codec,nsc] limit copy area in nsc_process_message + +the rectangle decoded might not fit into the destination buffer. Limit +width and height of the area to copy to the one fitting. + +CVE: CVE-2026-31806 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/83d9aedea278a74af3e490ff5eeb889c016dbb2b] +Signed-off-by: Ankur Tyagi +--- + libfreerdp/codec/nsc.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/libfreerdp/codec/nsc.c b/libfreerdp/codec/nsc.c +index c2d92e48c..1cee9918d 100644 +--- a/libfreerdp/codec/nsc.c ++++ b/libfreerdp/codec/nsc.c +@@ -494,7 +494,15 @@ BOOL nsc_process_message(NSC_CONTEXT* context, UINT16 bpp, UINT32 width, UINT32 + return FALSE; + } + +- if (!freerdp_image_copy(pDstData, DstFormat, nDstStride, nXDst, nYDst, width, height, ++ uint32_t cwidth = width; ++ if (1ull * nXDst + width > nWidth) ++ cwidth = nWidth - nXDst; ++ ++ uint32_t cheight = height; ++ if (1ull * nYDst + height > nHeight) ++ cheight = nHeight - nYDst; ++ ++ if (!freerdp_image_copy(pDstData, DstFormat, nDstStride, nXDst, nYDst, cwidth, cheight, + context->BitmapData, PIXEL_FORMAT_BGRA32, 0, 0, 0, NULL, flip)) + return FALSE; + diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb index 74f80ee948..66cc3305e8 100644 --- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb +++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb 
@@ -34,6 +34,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \ file://CVE-2026-29774.patch \ file://CVE-2026-29775.patch \ file://CVE-2026-29776.patch \ + file://CVE-2026-31806.patch \ " S = "${WORKDIR}/git" From patchwork Thu Apr 9 07:09:15 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85603 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 173CDE9DE59 for ; Thu, 9 Apr 2026 07:10:13 +0000 (UTC) Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com [209.85.210.174]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.127054.1775718612595120552 for ; Thu, 09 Apr 2026 00:10:12 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=pCHuBd+k; spf=pass (domain: gmail.com, ip: 209.85.210.174, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pf1-f174.google.com with SMTP id d2e1a72fcca58-82418b0178cso271546b3a.1 for ; Thu, 09 Apr 2026 00:10:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775718612; x=1776323412; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=dv9SBxQ2394wFxxrISgwuGSLrv+9iZoqTcNrlu8C5Ik=; b=pCHuBd+k+yd1rzxA88Y0nV/LzColMwHPt3hB9FhcXE7ghs2rWefBUXplytiu4W4Abk 1Bc4+fUVtK6l5Tfr9PAoHgDWoucW4DB1VQe1wYMFyM8+aXChc28RSZUGE9yksxl3tMmH gMah2AwrT6kxpuwNqendjN2iT7gry0hZF0N3M310UI9v9Y9hjSBBuU6H9CdI6m8yv59N H1f+qGH97M/M9HnRylRGuZljecj+OHS3BERQk8sFV4glxr4F7yGHQhwIA2BFkto2cCef iXZUPvzBYYJ+e5gm3rFuPFfmcqtCZud5Ezgt/kK52z4FbeQXmTuY58cNZQPfGj7nQCYd jZlQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; 
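Review bot: in CVE-2026-31806.patch, the clamp added to `nsc_process_message` computes `cwidth = nWidth - nXDst` and `cheight = nHeight - nYDst` without first checking that `nXDst <= nWidth` and `nYDst <= nHeight`; if the destination offset lies beyond the surface, the value stored in the `uint32_t` wraps to a very large number and the copy area grows instead of shrinking. The visible context does not show such a check, so either confirm that one exists earlier in the function in 3.4.0 or reject the call when `nXDst >= nWidth || nYDst >= nHeight`. The `1ull *` widening on the comparison side is correct and should stay.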
From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-oe][scarthgap][PATCH 18/22] freerdp3: fix CVE-2026-31897 Date: Thu, 9 Apr 2026 19:09:15 +1200 Message-ID: <20260409070919.3968586-18-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> References: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 07:10:13 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126140 From: Ankur Tyagi Details: https://nvd.nist.gov/vuln/detail/CVE-2026-31897 Signed-off-by: Ankur Tyagi --- .../freerdp/freerdp3/CVE-2026-31897.patch | 28 +++++++++++++++++++ .../recipes-support/freerdp/freerdp3_3.4.0.bb | 1 + 2 files changed, 29 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-31897.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-31897.patch b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-31897.patch new file mode 100644 index 0000000000..2d1b338171 --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-31897.patch 
@@ -0,0 +1,28 @@ +From 8a03413b6b154100076bfedf6388a348189a6791 Mon Sep 17 00:00:00 2001 +From: Armin Novak +Date: Tue, 10 Mar 2026 09:17:23 +0100 +Subject: [PATCH] [codec,planar] add early length check to avoid oob read + +CVE: CVE-2026-31897 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/cd27c8faca0eeb0d4309cc5837dfdf3c42eba4e7] +Signed-off-by: Ankur Tyagi +--- + libfreerdp/codec/planar.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libfreerdp/codec/planar.c b/libfreerdp/codec/planar.c +index 4b51a023e..f3e00f9e5 100644 +--- a/libfreerdp/codec/planar.c ++++ b/libfreerdp/codec/planar.c +@@ -720,9 +720,9 @@ BOOL planar_decompress(BITMAP_PLANAR_CONTEXT* planar, const BYTE* pSrcData, UINT + + srcp = pSrcData; + +- if (!pSrcData) ++ if (!pSrcData || (SrcSize < 1)) + { +- WLog_ERR(TAG, "Invalid argument pSrcData=NULL"); ++ WLog_ERR(TAG, "Invalid argument pSrcData=%p [size=%" PRIu32 "]", pSrcData, SrcSize); + return FALSE; + } + diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb index 66cc3305e8..a45490e8f5 100644 --- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb +++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb 
@@ -35,6 +35,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \ file://CVE-2026-29775.patch \ file://CVE-2026-29776.patch \ file://CVE-2026-31806.patch \ + file://CVE-2026-31897.patch \ " S = "${WORKDIR}/git" From patchwork Thu Apr 9 07:09:16 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85608 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 39451E9DE5A for ; Thu, 9 Apr 2026 07:10:23 +0000 (UTC) Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.127055.1775718615192663666 for ; Thu, 09 Apr 2026 00:10:15 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=Ul764VqQ; spf=pass (domain: gmail.com, ip: 209.85.210.179, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pf1-f179.google.com with SMTP id d2e1a72fcca58-827270d50d4so593942b3a.3 for ; Thu, 09 Apr 2026 00:10:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775718614; x=1776323414; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=whGxB6MrxGPygqsQ4rAxxO+QCRbTvMtNupKhrxJrPyY=; b=Ul764VqQRw3dy8MQeIri3cg1uUHe0IUyklMP/yaOpW2ZuAvFoPBzm88Q/bVGSYGrFg ZhBRvWaMJvm5QZcUBcHIxLsFaAWU7x26nEmyoECLGT8uGyZHPZKHM+/FNfR0MSyYBaC8 egA0j5QSmFhYbbzR95oAe7kuLX/VxR4na86MeE1F4SEA/Xw9oEn0AumHkeMf5OpN+cYJ IJkaTrzLN0XGEH0oxOJTYjukPoE8UF2/SAob/IfXtoomMP9GskcmM5lpT3r6OFhMP8WT KSpUbe+9WTQGfm9XgmascSP8AalKl9Wfn82KutYHjjxyvfFThBRkTAlZd8zKLrSFsHGz px1g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; 
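Review bot: in CVE-2026-31897.patch, the reworded `WLog_ERR` call in `planar_decompress` passes `pSrcData`, declared `const BYTE*` in the function signature, to a `%p` conversion, which expects a `void*` argument; a `(const void*)pSrcData` cast would keep the format strictly conforming and avoid pedantic format warnings. The guard itself, `!pSrcData || (SrcSize < 1)`, is fine; since `SrcSize` is printed with `PRIu32` it is unsigned, so `SrcSize == 0` would state the same condition more directly.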
From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-oe][scarthgap][PATCH 19/22] freerdp3: fix CVE-2026-33984 Date: Thu, 9 Apr 2026 19:09:16 +1200 Message-ID: <20260409070919.3968586-19-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> References: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 07:10:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126141 From: Ankur Tyagi Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33984 Signed-off-by: Ankur Tyagi --- .../freerdp/freerdp3/CVE-2026-33984.patch | 34 +++++++++++++++++++ .../recipes-support/freerdp/freerdp3_3.4.0.bb | 1 + 2 files changed, 35 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-33984.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-33984.patch b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-33984.patch new file mode 100644 index 0000000000..0aa5aeba63 --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-33984.patch 
@@ -0,0 +1,34 @@ +From d714759fc45ccf9ff179b912dd1714d0b4f2c5bc Mon Sep 17 00:00:00 2001 +From: Armin Novak +Date: Wed, 25 Mar 2026 09:48:54 +0100 +Subject: [PATCH] [codec,clear] update CLEAR_VBAR_ENTRY::size after alloc + +(cherry picked from commit dc7fdb165095139be779a4000199bc1706b06ad5) + +CVE: CVE-2026-33984 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/dc7fdb165095139be779a4000199bc1706b06ad5] +Signed-off-by: Ankur Tyagi +--- + libfreerdp/codec/clear.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libfreerdp/codec/clear.c b/libfreerdp/codec/clear.c +index 512aeae20..d94536986 100644 +--- a/libfreerdp/codec/clear.c ++++ b/libfreerdp/codec/clear.c +@@ -553,7 +553,6 @@ static BOOL resize_vbar_entry(CLEAR_CONTEXT* clear, CLEAR_VBAR_ENTRY* vBarEntry) + const UINT32 oldPos = vBarEntry->size * bpp; + const UINT32 diffSize = (vBarEntry->count - vBarEntry->size) * bpp; + +- vBarEntry->size = vBarEntry->count; + BYTE* tmp = + (BYTE*)winpr_aligned_recalloc(vBarEntry->pixels, vBarEntry->count, 1ull * bpp, 32); + +@@ -566,6 +565,7 @@ static BOOL resize_vbar_entry(CLEAR_CONTEXT* clear, CLEAR_VBAR_ENTRY* vBarEntry) + + memset(&tmp[oldPos], 0, diffSize); + vBarEntry->pixels = tmp; ++ vBarEntry->size = vBarEntry->count; + } + + if (!vBarEntry->pixels && vBarEntry->size) diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb index a45490e8f5..de752b4376 100644 --- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb +++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb 
@@ -36,6 +36,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \ file://CVE-2026-29776.patch \ file://CVE-2026-31806.patch \ file://CVE-2026-31897.patch \ + file://CVE-2026-33984.patch \ " S = "${WORKDIR}/git" From patchwork Thu Apr 9 07:09:17 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85606 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 11325E9DE50 for ; Thu, 9 Apr 2026 07:10:23 +0000 (UTC) Received: from mail-pg1-f171.google.com (mail-pg1-f171.google.com [209.85.215.171]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.127056.1775718618293867308 for ; Thu, 09 Apr 2026 00:10:18 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=LUwqOYgn; spf=pass (domain: gmail.com, ip: 209.85.215.171, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pg1-f171.google.com with SMTP id 41be03b00d2f7-c742b9b7727so187435a12.0 for ; Thu, 09 Apr 2026 00:10:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775718617; x=1776323417; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=00RQOokKaC5am9I7qdgcPBi5+qnJv+71xl1/N9uduTg=; b=LUwqOYgnSmq1Y66iN+/Pz/3UJKu/88W+8Q1ajwAZBX29xoYk0mrNO5W0KNSCEDlan1 xtsaKM+1SXOmkn6JtEzDrJWoG/i9Qkwxa6CydgeDjCSRVavWHuatCYwe3ucyMFC38LET 1eqvOM54h95uOXBVefpBIT5izo5KgPziZI/9/zTs/OfRk6vuNpMoUxp+N2VYEnGOdfQb 1MYkoAPX7ZVMPIxnVDlZcGT3cATfFMv+kJUfZU5ww+ajrRbw14yuInfcSO+tnsga0MPX vseaN5XDkM2jdsVuNrVEVUosm65wSoRdMuSJj5vbeayGKFN7sdvmcnxcB6SMyrCH57Uj SD5g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; 
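Review bot: in CVE-2026-33984.patch, the patch header carries only the subject line and no description of the failure mode being fixed. The two hunks in `resize_vbar_entry` move `vBarEntry->size = vBarEntry->count;` from before `winpr_aligned_recalloc` to after `vBarEntry->pixels = tmp;`, so `size` now changes only once the new buffer is installed; one sentence stating that `size` was previously updated before the reallocation had succeeded would make the backport reviewable without opening the upstream commit. The failure branch between the two hunks is outside the visible context, so please confirm it returns without touching `size`.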
From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Gyorgy Sarvari , Ankur Tyagi Subject: [oe][meta-oe][scarthgap][PATCH 20/22] giflib: patch CVE-2025-31344 Date: Thu, 9 Apr 2026 19:09:17 +1200 Message-ID: <20260409070919.3968586-20-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> References: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 07:10:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126142 From: Gyorgy Sarvari Details: https://nvd.nist.gov/vuln/detail/CVE-2025-31344 Backport the commit that mentions this CVE ID explicitly in its message. Signed-off-by: Gyorgy Sarvari Signed-off-by: Ankur Tyagi --- .../giflib/giflib/CVE-2025-31344.patch | 28 +++++++++++++++++++ .../recipes-devtools/giflib/giflib_5.2.2.bb | 3 +- 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-devtools/giflib/giflib/CVE-2025-31344.patch diff --git a/meta-oe/recipes-devtools/giflib/giflib/CVE-2025-31344.patch b/meta-oe/recipes-devtools/giflib/giflib/CVE-2025-31344.patch new file mode 100644 index 0000000000..8f52154955 --- /dev/null +++ b/meta-oe/recipes-devtools/giflib/giflib/CVE-2025-31344.patch 
@@ -0,0 +1,28 @@ +From 949bf7ded2c23449439e2c3e1f63368cf7985800 Mon Sep 17 00:00:00 2001 +From: "Eric S. Raymond" +Date: Wed, 18 Feb 2026 18:06:50 -0500 +Subject: [PATCH] Resolve SourceForge bug #187: CVE-2025-31344 + +CVE: CVE-2025-31344 +Upstream-Status: Backport [https://sourceforge.net/p/giflib/code/ci/7bbe8ea1a595bb7509ffa0a86b076e9b720e85af] +Signed-off-by: Gyorgy Sarvari +--- + gif2rgb.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/gif2rgb.c b/gif2rgb.c +index d51226d..4ce2104 100644 +--- a/gif2rgb.c ++++ b/gif2rgb.c +@@ -329,6 +329,11 @@ static void DumpScreen2RGB(char *FileName, int OneFileFlag, + GifRow = ScreenBuffer[i]; + GifQprintf("\b\b\b\b%-4d", ScreenHeight - i); + for (j = 0; j < ScreenWidth; j++) { ++ /* Check if color is within color palete */ ++ if (GifRow[j] >= ColorMap->ColorCount) { ++ GIF_EXIT(GifErrorString( ++ D_GIF_ERR_IMAGE_DEFECT)); ++ } + ColorMapEntry = &ColorMap->Colors[GifRow[j]]; + Buffers[0][j] = ColorMapEntry->Red; + Buffers[1][j] = ColorMapEntry->Green; diff --git a/meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb b/meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb index 8226e9b6c7..c26f3cf160 100644 --- a/meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb +++ b/meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb 
@@ -11,7 +11,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/giflib/${BP}.tar.gz \ https://sourceforge.net/p/giflib/code/ci/d54b45b0240d455bbaedee4be5203d2703e59967/tree/doc/giflib-logo.gif?format=raw;subdir=${BP}/doc;name=logo;downloadfilename=giflib-logo.gif \ file://0001-Makefile-fix-typo-in-soname-argument.patch \ file://CVE-2026-23868.patch \ -" + file://CVE-2025-31344.patch \ + " SRC_URI[logo.sha256sum] = "1a54383986adad1521d00e003b4c482c27e8bc60690be944a1f3319c75abc2c9" SRC_URI[sha256sum] = "be7ffbd057cadebe2aa144542fd90c6838c6a083b5e8a9048b8ee3b66b29d5fb" From patchwork Thu Apr 9 07:09:18 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85607 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2CFA2E9DE58 for ; Thu, 9 Apr 2026 07:10:23 +0000 (UTC) Received: from mail-pg1-f177.google.com (mail-pg1-f177.google.com [209.85.215.177]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.127057.1775718620836269418 for ; Thu, 09 Apr 2026 00:10:20 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=INxXGzEE; spf=pass (domain: gmail.com, ip: 209.85.215.177, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pg1-f177.google.com with SMTP id 41be03b00d2f7-c742b9b7727so187438a12.0 for ; Thu, 09 Apr 2026 00:10:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775718620; x=1776323420; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=vLRYJ4CcI6KicDYQ0XXNud9LeO9Ylifvc3gua8nzVtY=; b=INxXGzEE9K5pcnhzEKfXm1weX+fVCIrB8sk/IsL1JHR+uCqeozq9qnS2IJbycCyRHo 
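Review bot: In CVE-2025-31344.patch the embedded header reads "From 949bf7ded2c23449439e2c3e1f63368cf7985800" while Upstream-Status points at upstream commit 7bbe8ea1a595bb7509ffa0a86b076e9b720e85af, and no "cherry picked from" line ties the two together. Please state in the patch header that the content is unchanged from 7bbe8ea1 (or what was adapted), so the backport can be verified against upstream. The commit message would also benefit from one sentence on the bug itself: judging by the hunk, the fix rejects a pixel value GifRow[j] >= ColorMap->ColorCount before it is used to index ColorMap->Colors in the Buffers[0..2] loop of DumpScreen2RGB. Since only that one loop is touched, confirm that any other loop in gif2rgb.c that indexes ColorMap->Colors with GifRow[j] already carries the same check in 5.2.2.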
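Review bot: In giflib_5.2.2.bb the SRC_URI closing quote appears to be rewritten along with the addition (the hunk removes the `"` line and adds an indented one), which is why the diffstat for this file shows a deletion where one added line would do. For a stable-branch backport, keep the existing closing-quote line and add only `file://CVE-2025-31344.patch \`, so the change stays minimal and does not conflict with other pending SRC_URI edits.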
From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-multimedia][scarthgap][PATCH 21/22] libde265: upgrade 1.0.12 -> 1.0.16 Date: Thu, 9 Apr 2026 19:09:18 +1200 Message-ID: <20260409070919.3968586-21-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> References: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 07:10:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126143 From: Ankur Tyagi Dropped patches which are part of the upstream version. https://github.com/strukturag/libde265/releases/tag/v1.0.16 https://github.com/strukturag/libde265/releases/tag/v1.0.15 https://github.com/strukturag/libde265/releases/tag/v1.0.14 https://github.com/strukturag/libde265/releases/tag/v1.0.13 Signed-off-by: Ankur Tyagi --- .../libde265/libde265/CVE-2023-43887.patch | 39 ----------------- .../libde265/libde265/CVE-2023-47471.patch | 42 ------------------- ...{libde265_1.0.12.bb => libde265_1.0.16.bb} | 4 +- 3 files changed, 1 insertion(+), 84 deletions(-) delete mode 100644 meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2023-43887.patch delete mode 100644 meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2023-47471.patch rename meta-multimedia/recipes-multimedia/libde265/{libde265_1.0.12.bb => libde265_1.0.16.bb} (84%) 
diff --git a/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2023-43887.patch b/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2023-43887.patch deleted file mode 100644 index f8ab0e1e40..0000000000 --- a/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2023-43887.patch +++ /dev/null @@ -1,39 +0,0 @@ -From e31a5389f2a4967b9ca298a3435d1af2f9a04cda Mon Sep 17 00:00:00 2001 -From: Dirk Farin -Date: Fri, 1 Sep 2023 21:18:48 +0200 -Subject: [PATCH] fix #418 - -CVE: CVE-2023-43887 -Upstream-Status: Backport [https://github.com/strukturag/libde265/commit/63b596c915977f038eafd7647d1db25488a8c133] -(cherry picked from commit 63b596c915977f038eafd7647d1db25488a8c133) -Signed-off-by: Ankur Tyagi ---- - libde265/decctx.cc | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -diff --git a/libde265/decctx.cc b/libde265/decctx.cc -index 223a6aaf..350f7e7a 100644 ---- a/libde265/decctx.cc -+++ b/libde265/decctx.cc -@@ -582,16 +582,17 @@ de265_error decoder_context::read_pps_NAL(bitreader& reader) - std::shared_ptr new_pps = std::make_shared(); - - bool success = new_pps->read(&reader,this); -+ if (!success) { -+ return DE265_WARNING_PPS_HEADER_INVALID; -+ } - - if (param_pps_headers_fd>=0) { - new_pps->dump(param_pps_headers_fd); - } - -- if (success) { -- pps[ (int)new_pps->pic_parameter_set_id ] = new_pps; -- } -+ pps[ (int)new_pps->pic_parameter_set_id ] = new_pps; - -- return success ? DE265_OK : DE265_WARNING_PPS_HEADER_INVALID; -+ return DE265_OK; - } - - de265_error decoder_context::read_sei_NAL(bitreader& reader, bool suffix) diff --git a/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2023-47471.patch b/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2023-47471.patch deleted file mode 100644 index 3d66758e49..0000000000 --- a/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2023-47471.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -From 78bd5752157f34e822cefd8ff8959a96a26b4841 Mon Sep 17 00:00:00 2001 -From: Dirk Farin -Date: Sat, 4 Nov 2023 15:20:50 +0100 -Subject: [PATCH] null-pointer check in debug output (fixes #426) - -CVE: CVE-2023-47471 -Upstream-Status: Backport [https://github.com/strukturag/libde265/commit/e36b4a1b0bafa53df47514c419d5be3e8916ebc7] -(cherry picked from commit e36b4a1b0bafa53df47514c419d5be3e8916ebc7) -Signed-off-by: Ankur Tyagi ---- - libde265/slice.cc | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/libde265/slice.cc b/libde265/slice.cc -index 280b7417..435123dc 100644 ---- a/libde265/slice.cc -+++ b/libde265/slice.cc -@@ -1277,14 +1277,23 @@ void slice_segment_header::dump_slice_segment_header(const decoder_context* ctx, - #define LOG3(t,d1,d2,d3) log2fh(fh, t,d1,d2,d3) - #define LOG4(t,d1,d2,d3,d4) log2fh(fh, t,d1,d2,d3,d4) - -+ LOG0("----------------- SLICE -----------------\n"); -+ - const pic_parameter_set* pps = ctx->get_pps(slice_pic_parameter_set_id); -+ if (!pps) { -+ LOG0("invalid PPS referenced\n"); -+ return; -+ } - assert(pps->pps_read); // TODO: error handling - - const seq_parameter_set* sps = ctx->get_sps((int)pps->seq_parameter_set_id); -+ if (!sps) { -+ LOG0("invalid SPS referenced\n"); -+ return; -+ } - assert(sps->sps_read); // TODO: error handling - - -- LOG0("----------------- SLICE -----------------\n"); - LOG1("first_slice_segment_in_pic_flag : %d\n", first_slice_segment_in_pic_flag); - if (ctx->get_nal_unit_type() >= NAL_UNIT_BLA_W_LP && - ctx->get_nal_unit_type() <= NAL_UNIT_RESERVED_IRAP_VCL23) { diff --git a/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.12.bb b/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.16.bb similarity index 84% rename from meta-multimedia/recipes-multimedia/libde265/libde265_1.0.12.bb rename to meta-multimedia/recipes-multimedia/libde265/libde265_1.0.16.bb index e32a2af51c..e77d23db88 100644 
--- a/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.12.bb +++ b/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.16.bb 
@@ -9,11 +9,9 @@ LICENSE_FLAGS = "commercial" LIC_FILES_CHKSUM = "file://COPYING;md5=695b556799abb2435c97a113cdca512f" SRC_URI = "git://github.com/strukturag/libde265.git;branch=master;protocol=https \ - file://CVE-2023-43887.patch \ - file://CVE-2023-47471.patch \ file://CVE-2025-61147.patch \ " -SRCREV = "a267c84707ab264928fa9b86de2ee749c48c318c" +SRCREV = "7ba65889d3d6d8a0d99b5360b028243ba843be3a" S = "${WORKDIR}/git" From patchwork Thu Apr 9 07:09:19 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85609 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 353DEE9DE58 for ; Thu, 9 Apr 2026 07:10:33 +0000 (UTC) Received: from mail-pg1-f181.google.com (mail-pg1-f181.google.com [209.85.215.181]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.127058.1775718623109459147 for ; Thu, 09 Apr 2026 00:10:23 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=Tb5WYVel; spf=pass (domain: gmail.com, ip: 209.85.215.181, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pg1-f181.google.com with SMTP id 41be03b00d2f7-c742d4df00cso210394a12.1 for ; Thu, 09 Apr 2026 00:10:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775718622; x=1776323422; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=BWEIfbsbChUU8POWayIxl2uZ7uUioNnzk3f2JuTbX+w=; b=Tb5WYVeloJExwtcSaKvhJgZG6q/csKo3OWzh0YwCqHgyX9YORLAs1jGs7H0/1P+5Bg wFOmLMG42rXmyO4comcSDBrG7/Hq0/pozTncl0ygJuz4gyXBIaSw+i9d8glo9dssVWnu VQH9xf6/612ar+0QLxK5Sq683fGPxNrRAIvlyAo2dm78eisYieAeuWw30QfClGczJWTm 
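Review bot: For the removal of CVE-2023-43887.patch, the commit message says only that the dropped patches are part of the upstream version and lists four release pages, without saying which release carries which fix. Name the release that contains upstream commit 63b596c915977f038eafd7647d1db25488a8c133 (the one this file backported), so a reader can confirm that the early return on !success in read_pps_NAL is present at the new SRCREV without diffing four releases.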
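Review bot: For the removal of CVE-2023-47471.patch, once the file is gone the recipe no longer carries a "CVE: CVE-2023-47471" tag, so the status of that CVE for this recipe rests on version matching alone. Confirm that a CVE check run against libde265 1.0.16 reports CVE-2023-47471 (and CVE-2023-43887) as patched and say so in the commit message; if the database version range still covers 1.0.16, a CVE_STATUS entry is needed in place of the dropped patch.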
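Review bot: In libde265_1.0.16.bb, file://CVE-2025-61147.patch stays in SRC_URI across the jump from 1.0.12 to 1.0.16, and nothing in the message says whether it was checked against the new source. State that it still applies cleanly and is not already included at SRCREV 7ba65889d3d6d8a0d99b5360b028243ba843be3a, and that this SRCREV is the v1.0.16 tag. As the target is scarthgap, a line summarising why a four-release upgrade is acceptable there (fixes only, no API or ABI change) would help the stable maintainer.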
From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-oe][scarthgap][PATCH 22/22] libraw: ignore CVE-2026-5318 Date: Thu, 9 Apr 2026 19:09:19 +1200 Message-ID: <20260409070919.3968586-22-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> References: <20260409070919.3968586-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 07:10:33 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126144 From: Ankur Tyagi Vulnerability exists in the function which was added in version 0.22.0[1] Details: https://nvd.nist.gov/vuln/detail/CVE-2026-5318 [1] https://github.com/LibRaw/LibRaw/commit/12b0e5d60c57bb795382fda8494fc45f683550b8 Signed-off-by: Ankur Tyagi --- meta-oe/recipes-support/libraw/libraw_0.21.2.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-oe/recipes-support/libraw/libraw_0.21.2.bb b/meta-oe/recipes-support/libraw/libraw_0.21.2.bb index 1303c0e8ac..d285dcefff 100644 --- a/meta-oe/recipes-support/libraw/libraw_0.21.2.bb +++ b/meta-oe/recipes-support/libraw/libraw_0.21.2.bb @@ -14,3 +14,5 @@ S = "${WORKDIR}/git" inherit autotools pkgconfig DEPENDS = "jpeg jasper lcms" + +CVE_STATUS[CVE-2026-5318] = "cpe-incorrect: The current version (0.21.2) is not affected."
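Review bot: The CVE_STATUS text added to libraw_0.21.2.bb, "The current version (0.21.2) is not affected.", leaves out the reason given in the commit message (the vulnerable function was only added in 0.22.0) and hard-codes a version that goes stale on the next recipe upgrade. Put the reason in the string, for example "cpe-incorrect: the vulnerable function was added in 0.22.0", so the justification survives in the recipe and in the CVE report rather than only in git history.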