freerdp: patch CVE-2026-23530

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-23530 The related Github advisory[1] contains an amalysis of the vulenrability, describing the issue and the root cause also. Backported the commit that implemented the solution described in the advisory. [1]: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-r4hv-852m-fq7p Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Gyorgy Sarvari <skandigraun@gmail.com> 2026-02-24 18:04:46 +0100
committer: Khem Raj <raj.khem@gmail.com> 2026-02-24 22:30:31 -0800
commit: df8905be0f212fc43d494e55d89934db75a58e40 (patch)
tree: 89e1fba060d4240ce48d1d91a5ffc0d1740a1800
parent: 64c630c0cb7181e669b2cf1c6e2edb2e477562eb (diff)
download: meta-openembedded-df8905be0f212fc43d494e55d89934db75a58e40.tar.gz
2 files changed, 29 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-23530.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-23530.patch
new file mode 100644
index 0000000000..4aac13de93
--- /dev/null
+++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-23530.patch
@@ -0,0 +1,28 @@
+From 6f61d18e9707cebe9d7d64346c66da780c7094c4 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Thu, 15 Jan 2026 12:02:02 +0100
+Subject: [PATCH] fix decoder length checks
+CVE: CVE-2026-23530
+Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/1bab198a2edd0d0e6e1627d21a433151ea190500]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ libfreerdp/codec/planar.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+diff --git a/libfreerdp/codec/planar.c b/libfreerdp/codec/planar.c
+index fe27011e1..1cb2e22bc 100644
+--- a/libfreerdp/codec/planar.c
+++ b/libfreerdp/codec/planar.c
+@@ -616,6 +616,11 @@ BOOL planar_decompress(BITMAP_PLANAR_CONTEXT* planar, const BYTE* pSrcData, UINT
+        WINPR_ASSERT(planar);
+        WINPR_ASSERT(prims);
+ 
+       if (planar->maxWidth < nSrcWidth)
+               return FALSE;
+       if (planar->maxHeight < nSrcHeight)
+               return FALSE;
+
+        if (nDstStep <= 0)
+                nDstStep = nDstWidth * GetBytesPerPixel(DstFormat);
+ 
diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
index 63dc177cbe..d4efcccdbd 100644
--- a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
+++ b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
@@ -27,6 +27,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https
           file://CVE-2026-22854.patch \
           file://CVE-2026-22855.patch \
           file://CVE-2026-22852.patch \
+           file://CVE-2026-23530.patch \
           "
author	Gyorgy Sarvari <skandigraun@gmail.com>	2026-02-24 18:04:46 +0100
committer	Khem Raj <raj.khem@gmail.com>	2026-02-24 22:30:31 -0800
commit	df8905be0f212fc43d494e55d89934db75a58e40 (patch)
tree	89e1fba060d4240ce48d1d91a5ffc0d1740a1800
parent	64c630c0cb7181e669b2cf1c6e2edb2e477562eb (diff)
download	meta-openembedded-df8905be0f212fc43d494e55d89934db75a58e40.tar.gz

diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-23530.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-23530.patch new file mode 100644 index 0000000000..4aac13de93 --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-23530.patch
@@ -0,0 +1,28 @@
		1	From 6f61d18e9707cebe9d7d64346c66da780c7094c4 Mon Sep 17 00:00:00 2001
		2	From: akallabeth <akallabeth@posteo.net>
		3	Date: Thu, 15 Jan 2026 12:02:02 +0100
		4	Subject: [PATCH] fix decoder length checks
		5
		6	CVE: CVE-2026-23530
		7	Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/1bab198a2edd0d0e6e1627d21a433151ea190500]
		8	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		9	---
		10	libfreerdp/codec/planar.c \| 5 +++++
		11	1 file changed, 5 insertions(+)
		12
		13	diff --git a/libfreerdp/codec/planar.c b/libfreerdp/codec/planar.c
		14	index fe27011e1..1cb2e22bc 100644
		15	--- a/libfreerdp/codec/planar.c
		16	+++ b/libfreerdp/codec/planar.c
		17	@@ -616,6 +616,11 @@ BOOL planar_decompress(BITMAP_PLANAR_CONTEXT* planar, const BYTE* pSrcData, UINT
		18	WINPR_ASSERT(planar);
		19	WINPR_ASSERT(prims);
		20
		21	+ if (planar->maxWidth < nSrcWidth)
		22	+ return FALSE;
		23	+ if (planar->maxHeight < nSrcHeight)
		24	+ return FALSE;
		25	+
		26	if (nDstStep <= 0)
		27	nDstStep = nDstWidth * GetBytesPerPixel(DstFormat);
		28


diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb index 63dc177cbe..d4efcccdbd 100644 --- a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb +++ b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
@@ -27,6 +27,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https
27	file://CVE-2026-22854.patch \	27	file://CVE-2026-22854.patch \
28	file://CVE-2026-22855.patch \	28	file://CVE-2026-22855.patch \
29	file://CVE-2026-22852.patch \	29	file://CVE-2026-22852.patch \
		30	file://CVE-2026-23530.patch \
30	"	31	"
31		32
32		33