From: ross.burton@arm.com
To: openembedded-core@lists.openembedded.org
Subject: [PATCH 4/5] xserver-xorg: add PACKAGECONFIG for xvfb
Date: Mon, 22 Jan 2024 14:04:05 +0000 [thread overview]
Message-ID: <20240122140406.3837333-4-ross.burton@arm.com> (raw)
In-Reply-To: <20240122140406.3837333-1-ross.burton@arm.com>
From: Ross Burton <ross.burton@arm.com>
Xvfb is pretty niche and has outstanding unsolved security issues, so
let people disable it and add a conditional CVE_STATUS to reflect this.
Signed-off-by: Ross Burton <ross.burton@arm.com>
---
meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
index 085fcaf87a5..5a0fceea865 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
@@ -116,14 +116,13 @@ FILES:xf86-video-modesetting = "${libdir}/xorg/modules/drivers/modesetting_drv.s
EXTRA_OEMESON += " \
-Dxnest=false \
- -Dxvfb=true \
-Ddtrace=false \
-Dint10=x86emu \
-Dxkb_output_dir=/var/lib/xkb \
"
OPENGL_PKGCONFIGS = "dri glx glamor dri3"
-PACKAGECONFIG ??= "dga dri2 udev ${XORG_CRYPTO} \
+PACKAGECONFIG ??= "dga dri2 udev xvfb ${XORG_CRYPTO} \
${@bb.utils.contains('DISTRO_FEATURES', 'opengl', '${OPENGL_PKGCONFIGS}', '', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd-logind', '', d)} \
"
@@ -138,6 +137,7 @@ PACKAGECONFIG[glamor] = "-Dglamor=true,-Dglamor=false,libepoxy virtual/libgbm,li
PACKAGECONFIG[unwind] = "-Dlibunwind=true,-Dlibunwind=false,libunwind"
PACKAGECONFIG[systemd-logind] = "-Dsystemd_logind=true,-Dsystemd_logind=false,dbus,"
PACKAGECONFIG[xinerama] = "-Dxinerama=true,-Dxinerama=false"
+PACKAGECONFIG[xvfb] = "-Dxvfb=true,-Dxvfb=false"
# Xorg requires a SHA1 implementation, pick one
XORG_CRYPTO ??= "openssl"
@@ -175,3 +175,5 @@ python populate_packages:prepend() {
d.appendVar("RPROVIDES:" + pn, " " + get_abi("input"))
d.appendVar("RPROVIDES:" + pn, " " + get_abi("video"))
}
+
+CVE_STATUS[CVE-2023-5574] = "${@bb.utils.contains('PACKAGECONFIG', 'xvfb', '', 'not-applicable-config: specific to Xvfb', d)}"
--
2.34.1
next prev parent reply other threads:[~2024-01-22 14:04 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-22 14:04 [PATCH 1/5] cve_check: handle CVE_STATUS being set to the empty string ross.burton
2024-01-22 14:04 ` [PATCH 2/5] cve_check: cleanup logging ross.burton
2024-01-22 14:04 ` [PATCH 3/5] zlib: ignore CVE-2023-6992 ross.burton
2024-01-22 14:16 ` [OE-core] " Marko, Peter
2024-01-22 14:26 ` Ross Burton
2024-01-22 14:52 ` Marko, Peter
2024-01-22 14:04 ` ross.burton [this message]
2024-01-22 14:04 ` [PATCH 5/5] xserver-xorg: disable xvfb by default ross.burton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240122140406.3837333-4-ross.burton@arm.com \
--to=ross.burton@arm.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox