diff --git a/CVE-2024-32661.patch b/CVE-2024-32661.patch
new file mode 100644
index 0000000..4e72795
--- /dev/null
+++ b/CVE-2024-32661.patch
@@ -0,0 +1,25 @@
+From 71e463e31b4d69f4022d36bfc814592f56600793 Mon Sep 17 00:00:00 2001
+From: akallabeth
+Date: Sun, 21 Apr 2024 13:56:13 +0200
+Subject: [PATCH] [core,info] fix missing check in rdp_write_logon_info_v1
+
+Origin: https://github.com/FreeRDP/FreeRDP/commit/71e463e31b4d69f4022d36bfc814592f56600793
+
+---
+ libfreerdp/core/info.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/libfreerdp/core/info.c
++++ b/libfreerdp/core/info.c
+@@ -1322,6 +1322,10 @@ static BOOL rdp_write_logon_info_v1(wStr
+ return FALSE;
+
+ /* domain */
++ WINPR_ASSERT(info);
++ if (!info->domain || !info->username)
++ return FALSE;
++
+ ilen = ConvertToUnicode(CP_UTF8, 0, info->domain, -1, &wString, 0);
+
+ if (ilen < 0)
+
diff --git a/freerdp.spec b/freerdp.spec
index 509b95b..0125413 100644
--- a/freerdp.spec
+++ b/freerdp.spec
@@ -1,6 +1,6 @@
 Name: freerdp
 Version: 2.11.7
-Release: 1
+Release: 2
 Epoch: 2
 Summary: A Remote Desktop Protocol Implementation
 License: Apache-2.0
@@ -8,6 +8,7 @@ URL: http://www.freerdp.com
 Source0: https://github.com/FreeRDP/FreeRDP/releases/download/%{version}/freerdp-%{version}.tar.gz
 Patch0001: Fix-freerdp-shadow-cli-exit-codes-for-help-and-version.patch
+Patch0002: CVE-2024-32661.patch
 BuildRequires: gcc gcc-c++ alsa-lib-devel cmake >= 2.8 cups-devel gsm-devel libXrandr-devel libXv-devel
 BuildRequires: libjpeg-turbo-devel libjpeg-turbo-devel libX11-devel libXcursor-devel libxkbfile-devel
@@ -137,6 +138,9 @@ echo "%{_libdir}/freerdp2" > %{buildroot}%{_sysconfdir}/ld.so.conf.d/%{name}-%{_
 %{_mandir}/*/*
 %changelog
+* Mon May 06 2024 wangkai <13474090681@163.com> - 2:2.11.7-2
+- Fix CVE-2024-32661
+
 * Tue Apr 23 2024 wangkai <13474090681@163.com> - 2:2.11.7-1
 - Update to 2.11.7 for fix CVE-2024-32039,CVE-2024-32040, CVE-2024-32041,CVE-2024-32458,CVE-2024-32459,CVE-2024-32460,
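Review bot: In the info.c hunk carried by CVE-2024-32661.patch, the new guard leaves `info` itself to `WINPR_ASSERT(info)`, so if that macro reduces to a plain `assert` in an NDEBUG build (worth confirming for this 2.11.7 package), a NULL `info` would still be dereferenced by `info->domain` on the next line. A runtime test costs nothing here: `if (!info || !info->domain || !info->username) return FALSE;`. The username test sits under the `/* domain */` comment, so a one-line comment such as `/* reject missing domain/username before any conversion */` would make the intent clear. rdp_write_logon_info_v1 begins and ends outside the hunk, so whether `info` is dereferenced earlier, or whether anything needs releasing on the new early return, cannot be judged from here.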