Update to 2.11.7 and Fix CVE-2024-32039,CVE-2024-32040,CVE-2024-32041,CVE-2024-32458,CVE-2024-32459,CVE-2024-32460
(cherry picked from commit 107b29537ad2215b1aa3c0c1e186581f6393df89)
This commit is contained in:
wk333
openeuler-sync-bot
parent
36c69c393a
commit
56de371a4f
@ -1,34 +0,0 @@
|
||||
From aeac3040cc99eeaff1e1171a822114c857b9dca9 Mon Sep 17 00:00:00 2001
|
||||
From: Armin Novak <anovak@thincast.com>
|
||||
Date: Sat, 13 Jan 2024 21:01:55 +0100
|
||||
Subject: [PATCH] [codec,planar] check resolution for overflow
|
||||
|
||||
Origin: https://github.com/FreeRDP/FreeRDP/commit/aeac3040cc99eeaff1e1171a822114c857b9dca9
|
||||
|
||||
If the codec resolution is too large return an error as the internal
|
||||
buffers would otherwise overflow.
|
||||
|
||||
(cherry picked from commit 44edab1deae4f8c901c00a00683f888cef36d853)
|
||||
---
|
||||
libfreerdp/codec/planar.c | 8 +++++++-
|
||||
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libfreerdp/codec/planar.c b/libfreerdp/codec/planar.c
|
||||
index b4815a632309..0a5ec581c6cc 100644
|
||||
--- a/libfreerdp/codec/planar.c
|
||||
+++ b/libfreerdp/codec/planar.c
|
||||
@@ -1496,7 +1496,13 @@ BOOL freerdp_bitmap_planar_context_reset(BITMAP_PLANAR_CONTEXT* context, UINT32
|
||||
context->bgr = FALSE;
|
||||
context->maxWidth = PLANAR_ALIGN(width, 4);
|
||||
context->maxHeight = PLANAR_ALIGN(height, 4);
|
||||
- context->maxPlaneSize = context->maxWidth * context->maxHeight;
|
||||
+ const UINT64 tmp = (UINT64)context->maxWidth * context->maxHeight;
|
||||
+ if (tmp > UINT32_MAX)
|
||||
+ return FALSE;
|
||||
+ context->maxPlaneSize = tmp;
|
||||
+
|
||||
+ if (context->maxWidth > UINT32_MAX / 4)
|
||||
+ return FALSE;
|
||||
context->nTempStep = context->maxWidth * 4;
|
||||
free(context->planesBuffer);
|
||||
free(context->pTempData);
|
||||
Binary file not shown.
@ -1,6 +1,6 @@
|
||||
Name: freerdp
|
||||
Version: 2.11.1
|
||||
Release: 2
|
||||
Version: 2.11.7
|
||||
Release: 1
|
||||
Epoch: 2
|
||||
Summary: A Remote Desktop Protocol Implementation
|
||||
License: Apache-2.0
|
||||
@ -8,7 +8,6 @@ URL: http://www.freerdp.com
|
||||
|
||||
Source0: https://github.com/FreeRDP/FreeRDP/releases/download/%{version}/freerdp-%{version}.tar.gz
|
||||
Patch0001: Fix-freerdp-shadow-cli-exit-codes-for-help-and-version.patch
|
||||
Patch0002: CVE-2024-22211.patch
|
||||
|
||||
BuildRequires: gcc gcc-c++ alsa-lib-devel cmake >= 2.8 cups-devel gsm-devel libXrandr-devel libXv-devel
|
||||
BuildRequires: libjpeg-turbo-devel libjpeg-turbo-devel libX11-devel libXcursor-devel libxkbfile-devel
|
||||
@ -138,6 +137,10 @@ echo "%{_libdir}/freerdp2" > %{buildroot}%{_sysconfdir}/ld.so.conf.d/%{name}-%{_
|
||||
%{_mandir}/*/*
|
||||
|
||||
%changelog
|
||||
* Tue Apr 23 2024 wangkai <13474090681@163.com> - 2:2.11.7-1
|
||||
- Update to 2.11.7
|
||||
- Fix CVE-2024-32039,CVE-2024-32040,CVE-2024-32041,CVE-2024-32458,CVE-2024-32459,CVE-2024-32460
|
||||
|
||||
* Wed Jan 24 2024 wangkai <13474090681@163.com> - 2:2.11.1-2
|
||||
- Fix CVE-2024-22211
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user