The CVE is also ignored in the same recipe, because it is a Windows- only vulnerability. Due to this, the patch isn't required.
Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../freerdp/freerdp3/CVE-2025-68118.patch | 57 ------------------- .../recipes-support/freerdp/freerdp3_3.4.0.bb | 1 - 2 files changed, 58 deletions(-) delete mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2025-68118.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp3/CVE-2025-68118.patch b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2025-68118.patch deleted file mode 100644 index 8077d61292..0000000000 --- a/meta-oe/recipes-support/freerdp/freerdp3/CVE-2025-68118.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 054ff633bb1eac3d165a501d5eb691af1faf0538 Mon Sep 17 00:00:00 2001 -From: akallabeth <[email protected]> -Date: Sat, 13 Dec 2025 17:28:43 +0100 -Subject: [PATCH] [crypto,certificate_data] add some hostname sanitation - -CVE: CVE-2025-68118 -Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/83d96a81f320cb8a047fd4ef059a6fe4016dbeec] -(cherry picked from commit 83d96a81f320cb8a047fd4ef059a6fe4016dbeec) -Signed-off-by: Ankur Tyagi <[email protected]> ---- - libfreerdp/crypto/certificate_data.c | 14 +++++++++++--- - 1 file changed, 11 insertions(+), 3 deletions(-) - -diff --git a/libfreerdp/crypto/certificate_data.c b/libfreerdp/crypto/certificate_data.c -index a48beb448..6408d5d3c 100644 ---- a/libfreerdp/crypto/certificate_data.c -+++ b/libfreerdp/crypto/certificate_data.c -@@ -33,6 +33,8 @@ - #include <freerdp/crypto/certificate_data.h> - - #include "certificate.h" -+#include <freerdp/log.h> -+#define TAG FREERDP_TAG("crypto.certificate_data") - - #include <freerdp/log.h> - #define TAG FREERDP_TAG("crypto") -@@ -64,8 +66,9 @@ static BOOL freerdp_certificate_data_load_cache(rdpCertificateData* data) - WINPR_ASSERT(data); - - freerdp_certificate_data_hash_(data->hostname, data->port, data->cached_hash, -- sizeof(data->cached_hash)); -- if (strnlen(data->cached_hash, sizeof(data->cached_hash)) == 0) -+ sizeof(data->cached_hash) - 1); -+ const size_t len = strnlen(data->cached_hash, sizeof(data->cached_hash)); -+ if ((len == 0) || (len >= sizeof(data->cached_hash))) - goto fail; - - data->cached_subject = freerdp_certificate_get_subject(data->cert); -@@ -97,6 +100,11 @@ static rdpCertificateData* freerdp_certificate_data_new_nocopy(const char* hostn - - if (!hostname || !xcert) - goto fail; -+ if (strnlen(hostname, MAX_PATH) >= MAX_PATH) -+ { -+ WLog_ERR(TAG, "hostname exceeds length limits"); -+ goto fail; -+ } - - certdata = (rdpCertificateData*)calloc(1, sizeof(rdpCertificateData)); - -@@ -251,5 +259,5 @@ char* freerdp_certificate_data_hash(const char* hostname, UINT16 port) - { - char name[MAX_PATH + 10] = { 0 }; - freerdp_certificate_data_hash_(hostname, port, name, sizeof(name)); -- return _strdup(name); -+ return strndup(name, sizeof(name)); - } diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb index 6e27efb5ce..55cb356be2 100644 --- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb +++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb @@ -20,7 +20,6 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \ file://CVE-2024-32661.patch \ file://CVE-2024-32662.patch \ file://CVE-2025-4478.patch \ - file://CVE-2025-68118.patch \ " S = "${WORKDIR}/git"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123357): https://lists.openembedded.org/g/openembedded-devel/message/123357 Mute This Topic: https://lists.openembedded.org/mt/117219895/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
