freerdp: patch CVE-2026-23530

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-23530

The related Github advisory[1] contains an amalysis of the
vulenrability, describing the issue and the root cause also.

Backported the commit that implemented the solution described
in the advisory.

[1]: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-r4hv-852m-fq7p

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

meta-oe/recipes-support/freerdp/freerdp/CVE-2026-23530.patch

@@ -0,0 +1,28 @@
+From 6f61d18e9707cebe9d7d64346c66da780c7094c4 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Thu, 15 Jan 2026 12:02:02 +0100
+Subject: [PATCH] fix decoder length checks
+
+CVE: CVE-2026-23530
+Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/1bab198a2edd0d0e6e1627d21a433151ea190500]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ libfreerdp/codec/planar.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/libfreerdp/codec/planar.c b/libfreerdp/codec/planar.c
+index fe27011e1..1cb2e22bc 100644
+--- a/libfreerdp/codec/planar.c
++++ b/libfreerdp/codec/planar.c
+@@ -616,6 +616,11 @@ BOOL planar_decompress(BITMAP_PLANAR_CONTEXT* planar, const BYTE* pSrcData, UINT
+ 	WINPR_ASSERT(planar);
+ 	WINPR_ASSERT(prims);
+ 
++	if (planar->maxWidth < nSrcWidth)
++		return FALSE;
++	if (planar->maxHeight < nSrcHeight)
++		return FALSE;
++
+ 	if (nDstStep <= 0)
+ 		nDstStep = nDstWidth * GetBytesPerPixel(DstFormat);
+ 

meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb

@@ -27,6 +27,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https
            file://CVE-2026-22854.patch \
            file://CVE-2026-22855.patch \
            file://CVE-2026-22852.patch \
+           file://CVE-2026-23530.patch \
            "