Enable Salsa CI

2023-10-03 09:35:54 +02:00 · 2023-10-03 09:35:54 +02:00 · 0333c99067
commit 0333c99067
parent 6e4db706a5
4 changed files with 60 additions and 0 deletions
--- a/debian/.gitlab-ci.yml
+++ b/debian/.gitlab-ci.yml
@ -0,0 +1,8 @@
+include:
+  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml
+
+variables:
+  RELEASE: 'buster'
+  SALSA_CI_COMPONENTS: 'main contrib non-free'
+  SALSA_CI_DISABLE_REPROTEST: 1
+  SALSA_CI_DISABLE_LINTIAN: 1
--- a/debian/changelog
+++ b/debian/changelog
@ -13,6 +13,9 @@ freerdp2 (2.3.0+dfsg1-2~deb10u3) UNRELEASED; urgency=medium
     CVE-2020-11097 CVE-2020-11098 CVE-2020-11099 CVE-2020-13396
     CVE-2020-13397 CVE-2020-13398 and
     CVE-2020-15103 (Closes: #965979)
+  * Backporting remaining issues: (Closes: #1051638)
+    CVE-2023-3950
+   

 -- Tobias Frost <tobi@debian.org>  Mon, 02 Oct 2023 17:10:48 +0200

--- a/debian/patches/0036-CVE-2023-3950.patch
+++ b/debian/patches/0036-CVE-2023-3950.patch
@ -0,0 +1,48 @@
+Description: Upstream fix for CVE-2023-39350 - Incorrect offset calculation leading to DOS 
+Origin: https://github.com/FreeRDP/FreeRDP/commit/e204fc8be5a372626b13f66daf2abafe71dbc2dc
+Bug: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrrv-3w42-pffh
+Bug-Vendor: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051638
+From e204fc8be5a372626b13f66daf2abafe71dbc2dc Mon Sep 17 00:00:00 2001
+From: Armin Novak <anovak@thincast.com>
+Date: Sat, 5 Aug 2023 08:57:28 +0200
+Subject: [PATCH] [coded,rfx] check indices are within range
+
+reported by @pwn2carr
+---
+ libfreerdp/codec/rfx.c | 25 +++++++++++++++++++++++++
+ 1 file changed, 25 insertions(+)
+
+--- a/libfreerdp/codec/rfx.c
+++ b/libfreerdp/codec/rfx.c
+@@ -936,6 +936,31 @@
+ 		Stream_Read_UINT8(&sub, tile->quantIdxY);  /* quantIdxY (1 byte) */
+ 		Stream_Read_UINT8(&sub, tile->quantIdxCb); /* quantIdxCb (1 byte) */
+ 		Stream_Read_UINT8(&sub, tile->quantIdxCr); /* quantIdxCr (1 byte) */
+		if (tile->quantIdxY >= context->numQuant)
+		{
+			WLog_Print(context->priv->log, WLOG_ERROR,
+			           "quantIdxY %" PRIu8 " >= numQuant %" PRIu8, tile->quantIdxY,
+			           context->numQuant);
+			rc = FALSE;
+			break;
+		}
+		if (tile->quantIdxCb >= context->numQuant)
+		{
+			WLog_Print(context->priv->log, WLOG_ERROR,
+			           "quantIdxCb %" PRIu8 " >= numQuant %" PRIu8, tile->quantIdxCb,
+			           context->numQuant);
+			rc = FALSE;
+			break;
+		}
+		if (tile->quantIdxCr >= context->numQuant)
+		{
+			WLog_Print(context->priv->log, WLOG_ERROR,
+			           "quantIdxCr %" PRIu8 " >= numQuant %" PRIu8, tile->quantIdxCr,
+			           context->numQuant);
+			rc = FALSE;
+			break;
+		}
+
+ 		Stream_Read_UINT16(&sub, tile->xIdx);      /* xIdx (2 bytes) */
+ 		Stream_Read_UINT16(&sub, tile->yIdx);      /* yIdx (2 bytes) */
+ 		Stream_Read_UINT16(&sub, tile->YLen);      /* YLen (2 bytes) */
--- a/debian/patches/series
+++ b/debian/patches/series
@ -23,3 +23,4 @@
 0034-Fixed-6938-Remote-app-mode-clipboard-fix.patch
 0035-Fixed-6989-Use-X509_STORE_set_default_paths.patch
 1001_keep-symbol-DumpThreadHandles-if-debugging-is-disabled.patch
+0036-CVE-2023-3950.patch