From c2f288df7859aa3891f6ae82b1c1911c3740407d Mon Sep 17 00:00:00 2001 From: AlmaLinux RelEng Bot Date: Fri, 10 Jul 2026 18:55:30 -0400 Subject: [PATCH] import Oracle_OSS freerdp-2.11.7-7.el9_8.4 --- SOURCES/codec-planar-fix-bounds-checks.patch | 31 ++++++++++++++++++++ SPECS/freerdp.spec | 10 ++++++- 2 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 SOURCES/codec-planar-fix-bounds-checks.patch diff --git a/SOURCES/codec-planar-fix-bounds-checks.patch b/SOURCES/codec-planar-fix-bounds-checks.patch new file mode 100644 index 0000000..5550992 --- /dev/null +++ b/SOURCES/codec-planar-fix-bounds-checks.patch @@ -0,0 +1,31 @@ +From 4b93945cf5f9b85d17705d038955ee59c4b669a0 Mon Sep 17 00:00:00 2001 +From: Armin Novak +Date: Thu, 30 Apr 2026 15:03:21 +0200 +Subject: [PATCH] [codec,planar] fix bounds checks + +--- + libfreerdp/codec/planar.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libfreerdp/codec/planar.c b/libfreerdp/codec/planar.c +index 9b4d13057..67fc4212e 100644 +--- a/libfreerdp/codec/planar.c ++++ b/libfreerdp/codec/planar.c +@@ -841,12 +841,12 @@ BOOL planar_decompress(BITMAP_PLANAR_CONTEXT* planar, const BYTE* pSrcData, UINT + return FALSE; + } + +- if ((nXDst + nSrcWidth) * bpp > nDstStep) ++ if ((nXDst + nSrcWidth) * bpp > nTempStep) + { + WLog_ERR(TAG, + "planar plane destination (X %" PRIu32 " + width %" PRIu32 + ") * bpp %" PRIu32 " exceeds stride %" PRIu32, +- nXDst, nSrcWidth, bpp, nDstStep); ++ nXDst, nSrcWidth, bpp, nTempStep); + return FALSE; + } + +-- +2.52.0 + diff --git a/SPECS/freerdp.spec b/SPECS/freerdp.spec index 0aaefa5..7cc304f 100644 --- a/SPECS/freerdp.spec +++ b/SPECS/freerdp.spec @@ -27,7 +27,7 @@ Name: freerdp Version: 2.11.7 -Release: 7%{?dist}.3 +Release: 7%{?dist}.4 Epoch: 2 Summary: Free implementation of the Remote Desktop Protocol (RDP) License: ASL 2.0 @@ -194,6 +194,10 @@ Patch: client-x11-improve-rails-window-locking.patch Patch: client-x11-refactor-locking.patch Patch: client-x11-fix-deadlock-on-output-expose.patch +# CVE-2026-45700 +# https://github.com/FreeRDP/FreeRDP/commit/4a065a941ae134a0433d1497c03b3c3eb91b9f85 +Patch: codec-planar-fix-bounds-checks.patch + BuildRequires: gcc BuildRequires: gcc-c++ BuildRequires: alsa-lib-devel @@ -451,6 +455,10 @@ find %{buildroot} -name "*.a" -delete %{_libdir}/pkgconfig/winpr-tools2.pc %changelog +* Wed Jun 24 2026 RHEL Packaging Agent - 2:2.11.7-7.4 +- Fix incorrect bounds checks in planar codec (CVE-2026-45700) + Resolves: RHEL-186991 + * Tue May 05 2026 Ondrej Holy - 2:2.11.7-7.3 - Lock appWindow to fix use-after-free in RAIL mode (CVE-2026-25952) Resolves: RHEL-159860