public inbox for openembedded-core@lists.openembedded.org
* [OE-core][dunfell 0/7] Patch review
@ 2020-08-17 15:11 Steve Sakoman
  0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-08-17 15:11 UTC (permalink / raw)
  To: openembedded-core

Please review this next set of patches for dunfell and have comments back
by end of day Wednesday.

Passed a-full on autobuilder (other than 500 server error posting report for qemumips-alt):

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1265

The following changes since commit b95d6aeafb70765e22d2e1254e749a48f508d489:

  uninative: Handle PREMIRRORS generically (2020-08-09 09:26:54 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Bruce Ashfield (3):
  linux-yocto-rt/5.4: update to rt32
  linux-yocto/5.4: update to v5.4.56
  linux-yocto/5.4: update to v5.4.57

Khem Raj (4):
  glibc: Bring in CVE fixes and other bugfixes from 2.31 release branch
  gcc-9.3.inc: Mark CVE-2019-15847 as fixed
  go: update 1.14.4 -> 1.14.6
  go: Upgrade to 1.14.7

 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 .../glibc/0016-Add-unused-attribute.patch     |  31 ---
 .../glibc/glibc/CVE-2020-6096.patch           | 112 ----------
 .../glibc/glibc/CVE-2020-6096_2.patch         | 194 ------------------
 meta/recipes-core/glibc/glibc_2.31.bb         |   5 +-
 meta/recipes-devtools/gcc/gcc-9.3.inc         |   2 +
 meta/recipes-devtools/go/go-1.14.inc          |   5 +-
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +-
 10 files changed, 24 insertions(+), 363 deletions(-)
 delete mode 100644 meta/recipes-core/glibc/glibc/0016-Add-unused-attribute.patch
 delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2020-6096.patch
 delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch

-- 
2.17.1



* [OE-core][dunfell 0/7] Patch review
@ 2020-09-18 16:15 Steve Sakoman
  0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-09-18 16:15 UTC (permalink / raw)
  To: openembedded-core

Please review this next set of patches for dunfell and have comments back
by end of day Monday.

The following changes since commit b98e50f08b2bcf61fbc75ea1b0ad83a17c0a736a:

  cve-check: avoid FileNotFoundError if no do_cve_check task has run (2020-09-14 04:26:37 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Christophe GUIBOUT (1):
  initramfs-framework: support kernel cmdline with double quotes

Geoff Parker (1):
  systemd-serialgetty: Replace sed quoting using ' with " to allow var
    expansion

Khem Raj (1):
  populate_sdk_ext: Do not assume local.conf will always exist

Michael Gloff (1):
  sysvinit: Remove ${B} assignment

Pierre-Jean Texier (1):
  libubootenv: upgrade 0.3 -> 0.3.1

Rahul Kumar (1):
  systemd-serialgetty: Fix sed expression quoting

Steve Sakoman (1):
  Revert "kernel.bbclass: run do_symlink_kernsrc before do_patch"

 meta/classes/kernel.bbclass                         |  2 +-
 meta/classes/populate_sdk_ext.bbclass               |  5 +++--
 .../{libubootenv_0.3.bb => libubootenv_0.3.1.bb}    |  2 +-
 .../initrdscripts/initramfs-framework/init          | 13 +++++++++++++
 meta/recipes-core/systemd/systemd-serialgetty.bb    |  4 ++--
 meta/recipes-core/sysvinit/sysvinit_2.96.bb         |  1 -
 6 files changed, 20 insertions(+), 7 deletions(-)
 rename meta/recipes-bsp/u-boot/{libubootenv_0.3.bb => libubootenv_0.3.1.bb} (94%)

-- 
2.17.1



* [OE-core][dunfell 0/7] Patch review
@ 2021-07-15 14:07 Steve Sakoman
  2021-07-15 14:16 ` Andrej Valek
  0 siblings, 1 reply; 22+ messages in thread
From: Steve Sakoman @ 2021-07-15 14:07 UTC (permalink / raw)
  To: openembedded-core

Please review this next set of patches for dunfell and have comments back by
end of day Monday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2350

The following changes since commit cfd74f2bae51413d9c327e0f08ecf751325c2d74:

  report-error: Drop pointless inherit (2021-07-11 06:19:43 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Andrej Valek (1):
  busybox: add tmpdir option into mktemp applet

Richard Purdie (3):
  pseudo: Add uninative configuration sanity check
  pseudo: Update to latest version including statx fix
  sstate: Drop pseudo exclusion

Steve Sakoman (3):
  bluez: fix CVE-2021-3588
  gstreamer-plugins-base: ignore CVE-2021-3522 since it is fixed
  gstreamer-plugins-good: ignore CVE-2021-3497/8 since they are fixed

 meta/classes/sstate.bbclass                   |  2 -
 meta/recipes-connectivity/bluez5/bluez5.inc   |  1 +
 .../bluez5/bluez5/CVE-2021-3588.patch         | 34 ++++++++
 .../0001-mktemp-add-tmpdir-option.patch       | 81 +++++++++++++++++++
 meta/recipes-core/busybox/busybox_1.31.1.bb   |  1 +
 meta/recipes-devtools/pseudo/pseudo.inc       | 13 +++
 meta/recipes-devtools/pseudo/pseudo_git.bb    |  2 +-
 .../gstreamer1.0-plugins-base_1.16.3.bb       |  4 +
 .../gstreamer1.0-plugins-good_1.16.3.bb       |  5 ++
 9 files changed, 140 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2021-3588.patch
 create mode 100644 meta/recipes-core/busybox/busybox/0001-mktemp-add-tmpdir-option.patch

-- 
2.25.1



* Re: [OE-core][dunfell 0/7] Patch review
  2021-07-15 14:07 Steve Sakoman
@ 2021-07-15 14:16 ` Andrej Valek
  0 siblings, 0 replies; 22+ messages in thread
From: Andrej Valek @ 2021-07-15 14:16 UTC (permalink / raw)
  To: steve@sakoman.com; +Cc: openembedded-core@lists.openembedded.org

Hello Steve,

Busybox patch looks fine.

Cheers,
Andrej

> Please review this next set of patches for dunfell and have comments back by end of day Monday.
>
> Passed a-full on autobuilder:
>
> https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2350
>
> The following changes since commit cfd74f2bae51413d9c327e0f08ecf751325c2d74:
>
>   report-error: Drop pointless inherit (2021-07-11 06:19:43 -1000)
>
> are available in the Git repository at:
>
>   git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
>   http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
>
> Andrej Valek (1):
>   busybox: add tmpdir option into mktemp applet
>
> Richard Purdie (3):
>   pseudo: Add uninative configuration sanity check
>   pseudo: Update to latest version including statx fix
>   sstate: Drop pseudo exclusion
>
> Steve Sakoman (3):
>   bluez: fix CVE-2021-3588
>   gstreamer-plugins-base: ignore CVE-2021-3522 since it is fixed
>   gstreamer-plugins-good: ignore CVE-2021-3497/8 since they are fixed
>
>  meta/classes/sstate.bbclass                   |  2 -
>  meta/recipes-connectivity/bluez5/bluez5.inc   |  1 +
>  .../bluez5/bluez5/CVE-2021-3588.patch         | 34 ++++++++
>  .../0001-mktemp-add-tmpdir-option.patch       | 81 +++++++++++++++++++
>  meta/recipes-core/busybox/busybox_1.31.1.bb   |  1 +
>  meta/recipes-devtools/pseudo/pseudo.inc       | 13 +++
>  meta/recipes-devtools/pseudo/pseudo_git.bb    |  2 +-
>  .../gstreamer1.0-plugins-base_1.16.3.bb       |  4 +
>  .../gstreamer1.0-plugins-good_1.16.3.bb       |  5 ++
>  9 files changed, 140 insertions(+), 3 deletions(-)
>  create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2021-3588.patch
>  create mode 100644 meta/recipes-core/busybox/busybox/0001-mktemp-add-tmpdir-option.patch
>
> --
> 2.25.1



* [OE-core][dunfell 0/7] Patch review
@ 2022-03-30  2:27 Steve Sakoman
  2022-03-30  2:27 ` [OE-core][dunfell 1/7] util-linux: fix CVE-2022-0563 Steve Sakoman
                   ` (6 more replies)
  0 siblings, 7 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-03-30  2:27 UTC (permalink / raw)
  To: openembedded-core

Please review this set of patches for dunfell and have comments back by end
of day Thursday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3445

The following changes since commit da5cba5ec56cc437ede46d8aa71219a2a34cbe9e:

  oeqa/selftest/tinfoil: Fix intermittent event loss issue in test (2022-03-26 16:25:24 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Steve Sakoman (7):
  util-linux: fix CVE-2022-0563
  xserver-xorg: update to 1.20.9
  xserver-xorg: update to 1.20.10
  xserver-xorg: update to 1.20.11
  xserver-xorg: update to 1.20.12
  xserver-xorg: update to 1.20.13
  xserver-xorg: update to 1.20.14

 .../util-linux/util-linux/CVE-2022-0563.patch | 161 ++++++++++++++++
 .../util-linux/util-linux_2.35.1.bb           |   1 +
 .../xorg-xserver/xserver-xorg.inc             |   2 +-
 .../xserver-xorg/CVE-2020-14345.patch         | 182 ------------------
 .../xserver-xorg/CVE-2020-14346.patch         |  36 ----
 .../xserver-xorg/CVE-2020-14347.patch         |  38 ----
 .../xserver-xorg/CVE-2020-14360.patch         | 132 -------------
 .../xserver-xorg/CVE-2020-14361.patch         |  36 ----
 .../xserver-xorg/CVE-2020-14362.patch         |  70 -------
 .../xserver-xorg/CVE-2020-25712.patch         | 102 ----------
 ...xorg_1.20.8.bb => xserver-xorg_1.20.14.bb} |  11 +-
 11 files changed, 165 insertions(+), 606 deletions(-)
 create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14361.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch
 rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.20.8.bb => xserver-xorg_1.20.14.bb} (73%)

-- 
2.25.1




* [OE-core][dunfell 1/7] util-linux: fix CVE-2022-0563
  2022-03-30  2:27 [OE-core][dunfell 0/7] Patch review Steve Sakoman
@ 2022-03-30  2:27 ` Steve Sakoman
  2022-03-30  2:27 ` [OE-core][dunfell 2/7] xserver-xorg: update to 1.20.9 Steve Sakoman
                   ` (5 subsequent siblings)
  6 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-03-30  2:27 UTC (permalink / raw)
  To: openembedded-core

A flaw was found in the util-linux chfn and chsh utilities when compiled
with Readline support. The Readline library uses an "INPUTRC" environment
variable to get a path to the library config file. When the library cannot
parse the specified file, it prints an error message containing data from
the file. This flaw allows an unprivileged user to read root-owned files,
potentially leading to privilege escalation. This flaw affects util-linux
versions prior to 2.37.4.

Backport patch from upstream:
https://github.com/util-linux/util-linux/commit/faa5a3a83ad0cb5e2c303edbfd8cd823c9d94c17

Patch required slight modifications to apply cleanly to util-linux 2.35.1

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../util-linux/util-linux/CVE-2022-0563.patch | 161 ++++++++++++++++++
 .../util-linux/util-linux_2.35.1.bb           |   1 +
 2 files changed, 162 insertions(+)
 create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch

diff --git a/meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch b/meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch
new file mode 100644
index 0000000000..54b496ea3f
--- /dev/null
+++ b/meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch
@@ -0,0 +1,161 @@
+From faa5a3a83ad0cb5e2c303edbfd8cd823c9d94c17 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Thu, 10 Feb 2022 12:03:17 +0100
+Subject: [PATCH] chsh, chfn: remove readline support [CVE-2022-0563]
+
+The readline library uses INPUTRC= environment variable to get a path
+to the library config file. When the library cannot parse the
+specified file, it prints an error message containing data from the
+file.
+
+Unfortunately, the library does not use secure_getenv() (or a similar
+concept) to avoid vulnerabilities that could occur if set-user-ID or
+set-group-ID programs.
+
+Reported-by: Rory Mackie <rory.mackie@trailofbits.com>
+Signed-off-by: Karel Zak <kzak@redhat.com>
+
+Upstream-status: Backport
+https://github.com/util-linux/util-linux/commit/faa5a3a83ad0cb5e2c303edbfd8cd823c9d94c17
+
+CVE: CVE-2022-0563
+
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+
+---
+ login-utils/Makemodule.am |  2 +-
+ login-utils/chfn.c        | 16 +++------------
+ login-utils/chsh.c        | 42 ++-------------------------------------
+ 3 files changed, 6 insertions(+), 54 deletions(-)
+
+diff --git a/login-utils/Makemodule.am b/login-utils/Makemodule.am
+index fac5bfc..73636af 100644
+--- a/login-utils/Makemodule.am
++++ b/login-utils/Makemodule.am
+@@ -82,7 +82,7 @@ chfn_chsh_sources = \
+ 	login-utils/ch-common.c
+ chfn_chsh_cflags = $(SUID_CFLAGS) $(AM_CFLAGS)
+ chfn_chsh_ldflags = $(SUID_LDFLAGS) $(AM_LDFLAGS)
+-chfn_chsh_ldadd = libcommon.la $(READLINE_LIBS)
++chfn_chsh_ldadd = libcommon.la
+ 
+ if CHFN_CHSH_PASSWORD
+ chfn_chsh_ldadd += -lpam
+diff --git a/login-utils/chfn.c b/login-utils/chfn.c
+index b739555..2f8e44a 100644
+--- a/login-utils/chfn.c
++++ b/login-utils/chfn.c
+@@ -56,11 +56,6 @@
+ # include "auth.h"
+ #endif
+ 
+-#ifdef HAVE_LIBREADLINE
+-# define _FUNCTION_DEF
+-# include <readline/readline.h>
+-#endif
+-
+ struct finfo {
+ 	char *full_name;
+ 	char *office;
+@@ -229,22 +224,17 @@ static char *ask_new_field(struct chfn_control *ctl, const char *question,
+ {
+ 	int len;
+ 	char *buf;
+-#ifndef HAVE_LIBREADLINE
+-	size_t dummy = 0;
+-#endif
+ 
+ 	if (!def_val)
+ 		def_val = "";
++
+ 	while (true) {
+ 		printf("%s [%s]: ", question, def_val);
+ 		__fpurge(stdin);
+-#ifdef HAVE_LIBREADLINE
+-		rl_bind_key('\t', rl_insert);
+-		if ((buf = readline(NULL)) == NULL)
+-#else
++
+ 		if (getline(&buf, &dummy, stdin) < 0)
+-#endif
+ 			errx(EXIT_FAILURE, _("Aborted."));
++
+ 		/* remove white spaces from string end */
+ 		ltrim_whitespace((unsigned char *) buf);
+ 		len = rtrim_whitespace((unsigned char *) buf);
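Review bot: In the ask_new_field() hunk of login-utils/chfn.c, the backport deletes the `size_t dummy = 0;` declaration together with its `#ifndef HAVE_LIBREADLINE` guard, yet the retained call `getline(&buf, &dummy, stdin)` still takes `&dummy`, so the variable has no declaration in the lines shown. The chsh.c hunk of this same patch removes only the `#ifdef`/`#else`/`#endif` lines and keeps `size_t dummy = 0;`; chfn.c should do the same. In addition, the context shows `char *buf;` without an initializer, and getline() expects the pointer to be NULL or a malloc()ed buffer, so please confirm it is set before the call (chsh.c uses `char *ans = NULL;`).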
+diff --git a/login-utils/chsh.c b/login-utils/chsh.c
+index a9ebec8..ee6ff87 100644
+--- a/login-utils/chsh.c
++++ b/login-utils/chsh.c
+@@ -58,11 +58,6 @@
+ # include "auth.h"
+ #endif
+ 
+-#ifdef HAVE_LIBREADLINE
+-# define _FUNCTION_DEF
+-# include <readline/readline.h>
+-#endif
+-
+ struct sinfo {
+ 	char *username;
+ 	char *shell;
+@@ -121,33 +116,6 @@ static void print_shells(void)
+ 	endusershell();
+ }
+ 
+-#ifdef HAVE_LIBREADLINE
+-static char *shell_name_generator(const char *text, int state)
+-{
+-	static size_t len;
+-	char *s;
+-
+-	if (!state) {
+-		setusershell();
+-		len = strlen(text);
+-	}
+-
+-	while ((s = getusershell())) {
+-		if (strncmp(s, text, len) == 0)
+-			return xstrdup(s);
+-	}
+-	return NULL;
+-}
+-
+-static char **shell_name_completion(const char *text,
+-				    int start __attribute__((__unused__)),
+-				    int end __attribute__((__unused__)))
+-{
+-	rl_attempted_completion_over = 1;
+-	return rl_completion_matches(text, shell_name_generator);
+-}
+-#endif
+-
+ /*
+  *  parse_argv () --
+  *	parse the command line arguments, and fill in "pinfo" with any
+@@ -198,20 +166,14 @@ static char *ask_new_shell(char *question, char *oldshell)
+ {
+ 	int len;
+ 	char *ans = NULL;
+-#ifdef HAVE_LIBREADLINE
+-	rl_attempted_completion_function = shell_name_completion;
+-#else
+ 	size_t dummy = 0;
+-#endif
++
+ 	if (!oldshell)
+ 		oldshell = "";
+ 	printf("%s [%s]\n", question, oldshell);
+-#ifdef HAVE_LIBREADLINE
+-	if ((ans = readline("> ")) == NULL)
+-#else
+ 	if (getline(&ans, &dummy, stdin) < 0)
+-#endif
+ 		return NULL;
++
+ 	/* remove the newline at the end of ans. */
+ 	ltrim_whitespace((unsigned char *) ans);
+ 	len = rtrim_whitespace((unsigned char *) ans);
+-- 
+2.25.1
+
diff --git a/meta/recipes-core/util-linux/util-linux_2.35.1.bb b/meta/recipes-core/util-linux/util-linux_2.35.1.bb
index 96d5eca518..89dc564ecb 100644
--- a/meta/recipes-core/util-linux/util-linux_2.35.1.bb
+++ b/meta/recipes-core/util-linux/util-linux_2.35.1.bb
@@ -15,6 +15,7 @@ SRC_URI += "file://configure-sbindir.patch \
             file://include-strutils-cleanup-strto-functions.patch \
             file://CVE-2021-3995.patch \
             file://CVE-2021-3996.patch \
+            file://CVE-2022-0563.patch \
 "
 SRC_URI[md5sum] = "7f64882f631225f0295ca05080cee1bf"
 SRC_URI[sha256sum] = "d9de3edd287366cd908e77677514b9387b22bc7b88f45b83e1922c3597f1d7f9"
-- 
2.25.1
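
The failure mode described in the commit message above (a caller-controlled
INPUTRC path plus an error message that echoes file data), shown as an added C
example that is not part of the patch, util-linux or readline. Every function
name and the /etc/inputrc fallback are assumptions made for illustration; the
code applies the secure_getenv()-style policy the upstream message refers to.

```c
/* Added illustration: all names here are hypothetical; this is not
 * util-linux or readline code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/auxv.h>
#endif

/* Assumed fallback used when the caller-supplied path is not trusted. */
#define SYSTEM_INPUTRC "/etc/inputrc"

/* Returns 1 when the process holds more privilege than the user who
 * started it (set-user-ID, set-group-ID, or kernel-flagged AT_SECURE). */
int runs_privileged(void)
{
#if defined(__linux__) && defined(AT_SECURE)
    if (getauxval(AT_SECURE))
        return 1;
#endif
    return getuid() != geteuid() || getgid() != getegid();
}

/* Pure policy function: a privileged process never follows a path that
 * came from the environment, because the invoking user controls it. */
const char *choose_config_path(const char *env_value, int privileged)
{
    if (privileged || env_value == NULL || env_value[0] == '\0')
        return SYSTEM_INPUTRC;
    return env_value;
}

/* Applies the policy to the real environment of this process. */
const char *inputrc_path(void)
{
    return choose_config_path(getenv("INPUTRC"), runs_privileged());
}

/* Builds a parse diagnostic. When privileged, only the location is
 * reported; the offending line (file data) is never copied into the
 * message, so an unreadable file cannot leak through stderr. */
int format_parse_error(char *out, size_t outlen, const char *path,
                       unsigned lineno, const char *line, int privileged)
{
    if (privileged)
        return snprintf(out, outlen, "%s: line %u: parse error",
                        path, lineno);
    return snprintf(out, outlen, "%s: line %u: cannot parse \"%.60s\"",
                    path, lineno, line);
}

int main(void)
{
    char msg[160];
    /* Constructed sample values, not taken from any real system. */
    const char *env_path = "/constructed/root-only.conf";
    const char *bad_line = "constructed-secret-token";

    printf("unprivileged path: %s\n", choose_config_path(env_path, 0));
    printf("privileged path:   %s\n", choose_config_path(env_path, 1));

    format_parse_error(msg, sizeof msg, env_path, 1, bad_line, 0);
    printf("unprivileged diag: %s\n", msg);
    format_parse_error(msg, sizeof msg, SYSTEM_INPUTRC, 1, bad_line, 1);
    printf("privileged diag:   %s\n", msg);

    printf("this process:      %s\n", inputrc_path());
    return 0;
}
```
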




* [OE-core][dunfell 2/7] xserver-xorg: update to 1.20.9
  2022-03-30  2:27 [OE-core][dunfell 0/7] Patch review Steve Sakoman
  2022-03-30  2:27 ` [OE-core][dunfell 1/7] util-linux: fix CVE-2022-0563 Steve Sakoman
@ 2022-03-30  2:27 ` Steve Sakoman
  2022-03-30  2:27 ` [OE-core][dunfell 3/7] xserver-xorg: update to 1.20.10 Steve Sakoman
                   ` (4 subsequent siblings)
  6 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-03-30  2:27 UTC (permalink / raw)
  To: openembedded-core

Remove CVE patches contained in this release.

Stable branch update:

afb77415e (tag: xorg-server-1.20.9) xserver 1.20.9
705d72139 Fix XRecordRegisterClients() Integer underflow
5b384e767 Fix XkbSelectEvents() integer underflow
eff3f6cdd Fix XIChangeHierarchy() integer underflow
1d3a1092c Correct bounds checking in XkbSetNames()
249a12c54 linux: Fix platform device probe for DT-based PCI
5c96eb5f4 linux: Fix platform device PCI detection for complex bus topologies
74b7427c4 linux: Make platform device probe less fragile
4979ac8f0 fix for ZDI-11426
2720b8715 xfree86: add drm modes on non-GTF panels
7da8e7bab present: Check valid region in window mode flips
4a65b6617 xwayland: Handle NULL xwl_seat in xwl_seat_can_emulate_pointer_warp
10cabe0b9 xwayland: Propagate damage x1/y1 coordinates in xwl_present_flip
3b51978b9 doc: Update URLs in Xserver-DTrace.xml
6cbd6a09b xwayland: Use a fixed DPI value for core protocol
d4e8c4622 xwayland: only use linux-dmabuf if format/modifier was advertised
c726ceacc hw/xfree86: Avoid cursor use after free
0679d4660 Update URL's in man pages
3059a2e62 xwayland: Disable the MIT-SCREEN-SAVER extension when rootless
23c55ec32 xwayland: Hold a pixmap reference in struct xwl_present_event
1179938c1 randr: Check rrPrivKey in RRHasScanoutPixmap()
4912f693e modesetting: Fix front_bo leak at drmmode_xf86crtc_resize on XRandR rotation
ccbcf083d xwayland: Store xwl_tablet_pad in its own private key
cc3613559 xwayland: Initialise values in xwlVidModeGetGamma()
533cc6ca0 xwayland: Fix crashes when there is no pointer
3aa31823d xwayland: Clear private on device removal
22c0808ac xwayland: Free all remaining events in xwl_present_cleanup
37779d7f4 xwayland: Always use xwl_present_free_event for freeing Present events
ba52e5eb0 present/wnmd: Free flip_queue entries in present_wnmd_clear_window_flip
b3310ed50 present/wnmd: Keep pixmap pointer in present_wnmd_clear_window_flip
fc297c87d xwayland: import DMA-BUFs with GBM_BO_USE_RENDERING only
0430d13c1 xwayland: Fix infinite loop at startup
b8b10e293 modesetting: Disable pageflipping when using a swcursor
271934db9 dix: do not send focus event when grab actually does not change

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../xserver-xorg/CVE-2020-14345.patch         | 182 ------------------
 .../xserver-xorg/CVE-2020-14346.patch         |  36 ----
 .../xserver-xorg/CVE-2020-14347.patch         |  38 ----
 .../xserver-xorg/CVE-2020-14361.patch         |  36 ----
 .../xserver-xorg/CVE-2020-14362.patch         |  70 -------
 ...-xorg_1.20.8.bb => xserver-xorg_1.20.9.bb} |   9 +-
 6 files changed, 2 insertions(+), 369 deletions(-)
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14361.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch
 rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.20.8.bb => xserver-xorg_1.20.9.bb} (78%)

diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch
deleted file mode 100644
index fb3a37c474..0000000000
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch
+++ /dev/null
@@ -1,182 +0,0 @@
-From f7cd1276bbd4fe3a9700096dec33b52b8440788d Mon Sep 17 00:00:00 2001
-From: Matthieu Herrb <matthieu@herrb.eu>
-Date: Tue, 18 Aug 2020 14:46:32 +0200
-Subject: [PATCH] Correct bounds checking in XkbSetNames()
-
-CVE-2020-14345 / ZDI 11428
-
-This vulnerability was discovered by:
-Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
-
-Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
-
-Upstream-Status: Backport
-CVE: CVE-2020-14345
-Affects < 1.20.9
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- xkb/xkb.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 48 insertions(+)
-
-Index: xorg-server-1.20.8/xkb/xkb.c
-===================================================================
---- xorg-server-1.20.8.orig/xkb/xkb.c
-+++ xorg-server-1.20.8/xkb/xkb.c
-@@ -152,6 +152,19 @@ static RESTYPE RT_XKBCLIENT;
- #define	CHK_REQ_KEY_RANGE(err,first,num,r)  \
- 	CHK_REQ_KEY_RANGE2(err,first,num,r,client->errorValue,BadValue)
- 
-+static Bool
-+_XkbCheckRequestBounds(ClientPtr client, void *stuff, void *from, void *to) {
-+    char *cstuff = (char *)stuff;
-+    char *cfrom = (char *)from;
-+    char *cto = (char *)to;
-+
-+    return cfrom < cto &&
-+           cfrom >= cstuff &&
-+           cfrom < cstuff + ((size_t)client->req_len << 2) &&
-+           cto >= cstuff &&
-+           cto <= cstuff + ((size_t)client->req_len << 2);
-+}
-+
- /***====================================================================***/
- 
- int
-@@ -4045,6 +4058,8 @@ _XkbSetNamesCheck(ClientPtr client, Devi
-             client->errorValue = _XkbErrCode2(0x04, stuff->firstType);
-             return BadAccess;
-         }
-+        if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + stuff->nTypes))
-+            return BadLength;
-         old = tmp;
-         tmp = _XkbCheckAtoms(tmp, stuff->nTypes, client->swapped, &bad);
-         if (!tmp) {
-@@ -4074,6 +4089,8 @@ _XkbSetNamesCheck(ClientPtr client, Devi
-         }
-         width = (CARD8 *) tmp;
-         tmp = (CARD32 *) (((char *) tmp) + XkbPaddedSize(stuff->nKTLevels));
-+        if (!_XkbCheckRequestBounds(client, stuff, width, tmp))
-+            return BadLength;
-         type = &xkb->map->types[stuff->firstKTLevel];
-         for (i = 0; i < stuff->nKTLevels; i++, type++) {
-             if (width[i] == 0)
-@@ -4083,6 +4100,8 @@ _XkbSetNamesCheck(ClientPtr client, Devi
-                                                   type->num_levels, width[i]);
-                 return BadMatch;
-             }
-+            if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + width[i]))
-+                return BadLength;
-             tmp = _XkbCheckAtoms(tmp, width[i], client->swapped, &bad);
-             if (!tmp) {
-                 client->errorValue = bad;
-@@ -4095,6 +4114,9 @@ _XkbSetNamesCheck(ClientPtr client, Devi
-             client->errorValue = 0x08;
-             return BadMatch;
-         }
-+        if (!_XkbCheckRequestBounds(client, stuff, tmp,
-+                                    tmp + Ones(stuff->indicators)))
-+            return BadLength;
-         tmp = _XkbCheckMaskedAtoms(tmp, XkbNumIndicators, stuff->indicators,
-                                    client->swapped, &bad);
-         if (!tmp) {
-@@ -4107,6 +4129,9 @@ _XkbSetNamesCheck(ClientPtr client, Devi
-             client->errorValue = 0x09;
-             return BadMatch;
-         }
-+        if (!_XkbCheckRequestBounds(client, stuff, tmp,
-+                                    tmp + Ones(stuff->virtualMods)))
-+            return BadLength;
-         tmp = _XkbCheckMaskedAtoms(tmp, XkbNumVirtualMods,
-                                    (CARD32) stuff->virtualMods,
-                                    client->swapped, &bad);
-@@ -4120,6 +4145,9 @@ _XkbSetNamesCheck(ClientPtr client, Devi
-             client->errorValue = 0x0a;
-             return BadMatch;
-         }
-+        if (!_XkbCheckRequestBounds(client, stuff, tmp,
-+                                    tmp + Ones(stuff->groupNames)))
-+            return BadLength;
-         tmp = _XkbCheckMaskedAtoms(tmp, XkbNumKbdGroups,
-                                    (CARD32) stuff->groupNames,
-                                    client->swapped, &bad);
-@@ -4141,9 +4169,14 @@ _XkbSetNamesCheck(ClientPtr client, Devi
-                              stuff->nKeys);
-             return BadValue;
-         }
-+        if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + stuff->nKeys))
-+            return BadLength;
-         tmp += stuff->nKeys;
-     }
-     if ((stuff->which & XkbKeyAliasesMask) && (stuff->nKeyAliases > 0)) {
-+        if (!_XkbCheckRequestBounds(client, stuff, tmp,
-+                                    tmp + (stuff->nKeyAliases * 2)))
-+            return BadLength;
-         tmp += stuff->nKeyAliases * 2;
-     }
-     if (stuff->which & XkbRGNamesMask) {
-@@ -4151,6 +4184,9 @@ _XkbSetNamesCheck(ClientPtr client, Devi
-             client->errorValue = _XkbErrCode2(0x0d, stuff->nRadioGroups);
-             return BadValue;
-         }
-+        if (!_XkbCheckRequestBounds(client, stuff, tmp,
-+                                    tmp + stuff->nRadioGroups))
-+            return BadLength;
-         tmp = _XkbCheckAtoms(tmp, stuff->nRadioGroups, client->swapped, &bad);
-         if (!tmp) {
-             client->errorValue = bad;
-@@ -4344,6 +4380,8 @@ ProcXkbSetNames(ClientPtr client)
-     /* check device-independent stuff */
-     tmp = (CARD32 *) &stuff[1];
- 
-+    if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1))
-+        return BadLength;
-     if (stuff->which & XkbKeycodesNameMask) {
-         tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad);
-         if (!tmp) {
-@@ -4351,6 +4389,8 @@ ProcXkbSetNames(ClientPtr client)
-             return BadAtom;
-         }
-     }
-+    if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1))
-+        return BadLength;
-     if (stuff->which & XkbGeometryNameMask) {
-         tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad);
-         if (!tmp) {
-@@ -4358,6 +4398,8 @@ ProcXkbSetNames(ClientPtr client)
-             return BadAtom;
-         }
-     }
-+    if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1))
-+        return BadLength;
-     if (stuff->which & XkbSymbolsNameMask) {
-         tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad);
-         if (!tmp) {
-@@ -4365,6 +4407,8 @@ ProcXkbSetNames(ClientPtr client)
-             return BadAtom;
-         }
-     }
-+    if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1))
-+        return BadLength;
-     if (stuff->which & XkbPhysSymbolsNameMask) {
-         tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad);
-         if (!tmp) {
-@@ -4372,6 +4416,8 @@ ProcXkbSetNames(ClientPtr client)
-             return BadAtom;
-         }
-     }
-+    if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1))
-+        return BadLength;
-     if (stuff->which & XkbTypesNameMask) {
-         tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad);
-         if (!tmp) {
-@@ -4379,6 +4425,8 @@ ProcXkbSetNames(ClientPtr client)
-             return BadAtom;
-         }
-     }
-+    if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1))
-+        return BadLength;
-     if (stuff->which & XkbCompatNameMask) {
-         tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad);
-         if (!tmp) {
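Review bot: The deleted CVE-2020-14345.patch names f7cd1276bbd4fe3a9700096dec33b52b8440788d on its From line, while the stable-branch list in the commit message shows "1d3a1092c Correct bounds checking in XkbSetNames()", so the two can only be matched by subject. Please state in the commit message that the 1.20.9 commit is the same change as the removed backport, so the deletion can be audited without reopening the old file.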
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch
deleted file mode 100644
index 4994a21d33..0000000000
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From c940cc8b6c0a2983c1ec974f1b3f019795dd4cff Mon Sep 17 00:00:00 2001
-From: Matthieu Herrb <matthieu@herrb.eu>
-Date: Tue, 18 Aug 2020 14:49:04 +0200
-Subject: [PATCH] Fix XIChangeHierarchy() integer underflow
-
-CVE-2020-14346 / ZDI-CAN-11429
-
-This vulnerability was discovered by:
-Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
-
-Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
-
-Upstream-Status: Backport
-[https://gitlab.freedesktop.org/xorg/xserver/-/commit/c940cc8b6c0a2983c1ec974f1b3f019795dd4cff]
-CVE: CVE-2020-14346
-Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
----
- Xi/xichangehierarchy.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Xi/xichangehierarchy.c b/Xi/xichangehierarchy.c
-index cbdd91258..504defe56 100644
---- a/Xi/xichangehierarchy.c
-+++ b/Xi/xichangehierarchy.c
-@@ -423,7 +423,7 @@ ProcXIChangeHierarchy(ClientPtr client)
-     if (!stuff->num_changes)
-         return rc;
- 
--    len = ((size_t)stuff->length << 2) - sizeof(xXIChangeHierarchyReq);
-+    len = ((size_t)client->req_len << 2) - sizeof(xXIChangeHierarchyReq);
- 
-     any = (xXIAnyHierarchyChangeInfo *) &stuff[1];
-     while (stuff->num_changes--) {
--- 
-2.17.1
-
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch
deleted file mode 100644
index cf3f5f9417..0000000000
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From aac28e162e5108510065ad4c323affd6deffd816 Mon Sep 17 00:00:00 2001
-From: Matthieu Herrb <matthieu@herrb.eu>
-Date: Sat, 25 Jul 2020 19:33:50 +0200
-Subject: [PATCH] fix for ZDI-11426
-
-Avoid leaking un-initalized memory to clients by zeroing the
-whole pixmap on initial allocation.
-
-This vulnerability was discovered by:
-Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
-
-Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
-Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-
-
-Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/aac28e162e5108510065ad4c323affd6deffd816]
-CVE: CVE-2020-14347
-Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
----
- dix/pixmap.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/dix/pixmap.c b/dix/pixmap.c
-index 1186d7dbbf..5a0146bbb6 100644
---- a/dix/pixmap.c
-+++ b/dix/pixmap.c
-@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
-     if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
-         return NullPixmap;
- 
--    pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
-+    pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
-     if (!pPixmap)
-         return NullPixmap;
- 
--- 
-GitLab
-
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14361.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14361.patch
deleted file mode 100644
index 710cc3873c..0000000000
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14361.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 144849ea27230962227e62a943b399e2ab304787 Mon Sep 17 00:00:00 2001
-From: Matthieu Herrb <matthieu@herrb.eu>
-Date: Tue, 18 Aug 2020 14:52:29 +0200
-Subject: [PATCH] Fix XkbSelectEvents() integer underflow
-
-CVE-2020-14361 ZDI-CAN 11573
-
-This vulnerability was discovered by:
-Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
-
-Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
-
-Upstream-Status: Backport
-[https://gitlab.freedesktop.org/xorg/xserver/-/commit/144849ea27230962227e62a943b399e2ab304787]
-CVE: CVE-2020-14361
-Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
----
- xkb/xkbSwap.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/xkb/xkbSwap.c b/xkb/xkbSwap.c
-index 1c1ed5ff4..50cabb90e 100644
---- a/xkb/xkbSwap.c
-+++ b/xkb/xkbSwap.c
-@@ -76,7 +76,7 @@ SProcXkbSelectEvents(ClientPtr client)
-         register unsigned bit, ndx, maskLeft, dataLeft, size;
- 
-         from.c8 = (CARD8 *) &stuff[1];
--        dataLeft = (stuff->length * 4) - SIZEOF(xkbSelectEventsReq);
-+        dataLeft = (client->req_len * 4) - SIZEOF(xkbSelectEventsReq);
-         maskLeft = (stuff->affectWhich & (~XkbMapNotifyMask));
-         for (ndx = 0, bit = 1; (maskLeft != 0); ndx++, bit <<= 1) {
-             if (((bit & maskLeft) == 0) || (ndx == XkbMapNotify))
--- 
-2.17.1
-
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch
deleted file mode 100644
index 2103e9c198..0000000000
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 2902b78535ecc6821cc027351818b28a5c7fdbdc Mon Sep 17 00:00:00 2001
-From: Matthieu Herrb <matthieu@herrb.eu>
-Date: Tue, 18 Aug 2020 14:55:01 +0200
-Subject: [PATCH] Fix XRecordRegisterClients() Integer underflow
-
-CVE-2020-14362 ZDI-CAN-11574
-
-This vulnerability was discovered by:
-Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
-
-Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
-
-Upstream-Status: Backport
-[https://gitlab.freedesktop.org/xorg/xserver/-/commit/2902b78535ecc6821cc027351818b28a5c7fdbdc]
-CVE: CVE-2020-14362
-Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
----
- record/record.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/record/record.c b/record/record.c
-index f2d38c877..be154525d 100644
---- a/record/record.c
-+++ b/record/record.c
-@@ -2500,7 +2500,7 @@ SProcRecordQueryVersion(ClientPtr client)
- }                               /* SProcRecordQueryVersion */
- 
- static int _X_COLD
--SwapCreateRegister(xRecordRegisterClientsReq * stuff)
-+SwapCreateRegister(ClientPtr client, xRecordRegisterClientsReq * stuff)
- {
-     int i;
-     XID *pClientID;
-@@ -2510,13 +2510,13 @@ SwapCreateRegister(xRecordRegisterClientsReq * stuff)
-     swapl(&stuff->nRanges);
-     pClientID = (XID *) &stuff[1];
-     if (stuff->nClients >
--        stuff->length - bytes_to_int32(sz_xRecordRegisterClientsReq))
-+        client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq))
-         return BadLength;
-     for (i = 0; i < stuff->nClients; i++, pClientID++) {
-         swapl(pClientID);
-     }
-     if (stuff->nRanges >
--        stuff->length - bytes_to_int32(sz_xRecordRegisterClientsReq)
-+        client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq)
-         - stuff->nClients)
-         return BadLength;
-     RecordSwapRanges((xRecordRange *) pClientID, stuff->nRanges);
-@@ -2531,7 +2531,7 @@ SProcRecordCreateContext(ClientPtr client)
- 
-     swaps(&stuff->length);
-     REQUEST_AT_LEAST_SIZE(xRecordCreateContextReq);
--    if ((status = SwapCreateRegister((void *) stuff)) != Success)
-+    if ((status = SwapCreateRegister(client, (void *) stuff)) != Success)
-         return status;
-     return ProcRecordCreateContext(client);
- }                               /* SProcRecordCreateContext */
-@@ -2544,7 +2544,7 @@ SProcRecordRegisterClients(ClientPtr client)
- 
-     swaps(&stuff->length);
-     REQUEST_AT_LEAST_SIZE(xRecordRegisterClientsReq);
--    if ((status = SwapCreateRegister((void *) stuff)) != Success)
-+    if ((status = SwapCreateRegister(client, (void *) stuff)) != Success)
-         return status;
-     return ProcRecordRegisterClients(client);
- }                               /* SProcRecordRegisterClients */
--- 
-2.17.1
-
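
Review bot: SwapCreateRegister(), whose length checks this removed patch corrected, is fixed again later in the series: the 7/7 commit log lists acc50e609 "record: Fix out of bounds access in SwapCreateRegister()", so 1.20.9 on its own still lacks that fix. Suggest taking 2/7 through 7/7 together rather than stopping at an intermediate version.
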
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.9.bb
similarity index 78%
rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb
rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.9.bb
index 8c77c3756b..4f001c2d3d 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.9.bb
@@ -5,16 +5,11 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
            file://0001-test-xtest-Initialize-array-with-braces.patch \
            file://sdksyms-no-build-path.patch \
            file://0001-drmmode_display.c-add-missing-mi.h-include.patch \
-           file://CVE-2020-14347.patch \
-           file://CVE-2020-14346.patch \
-           file://CVE-2020-14361.patch \
-           file://CVE-2020-14362.patch \
-           file://CVE-2020-14345.patch \
            file://CVE-2020-14360.patch \
            file://CVE-2020-25712.patch \
            "
-SRC_URI[md5sum] = "a770aec600116444a953ff632f51f839"
-SRC_URI[sha256sum] = "d17b646bee4ba0fb7850c1cc55b18e3e8513ed5c02bdf38da7e107f84e2d0146"
+SRC_URI[md5sum] = "afcae2f46d47c33863cab7fd9db7279a"
+SRC_URI[sha256sum] = "e219f2e0dfe455467939149d7cd2ee53b79b512cc1d2094ae4f5c9ed9ccd3571"
 
 CFLAGS += "-fcommon"
 
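
Review bot: The two entries left in SRC_URI here, CVE-2020-14360.patch and CVE-2020-25712.patch, were refreshed against xorg-server-1.20.8 (see their `Index: xorg-server-1.20.8/xkb/xkb.c` headers), and this hunk moves the recipe to 1.20.9 underneath them. Suggest confirming that do_patch applies both without fuzz at this commit, since 2/7 has to build on its own for bisecting even though 3/7 removes them.
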
-- 
2.25.1




* [OE-core][dunfell 3/7] xserver-xorg: update to 1.20.10
  2022-03-30  2:27 [OE-core][dunfell 0/7] Patch review Steve Sakoman
  2022-03-30  2:27 ` [OE-core][dunfell 1/7] util-linux: fix CVE-2022-0563 Steve Sakoman
  2022-03-30  2:27 ` [OE-core][dunfell 2/7] xserver-xorg: update to 1.20.9 Steve Sakoman
@ 2022-03-30  2:27 ` Steve Sakoman
  2022-03-30  2:27 ` [OE-core][dunfell 4/7] xserver-xorg: update to 1.20.11 Steve Sakoman
                   ` (3 subsequent siblings)
  6 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-03-30  2:27 UTC (permalink / raw)
  To: openembedded-core

Remove CVE patches contained in this release.

Stable branch update:

bc111a2e6 (tag: xorg-server-1.20.10) xserver 1.20.10
06d1a032e Check SetMap request length carefully.
7ccb3b0ea Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap overflows
440ed5948 present/wnmd: Translate update region to screen space
54f9af1c6 modesetting: keep going if a modeset fails on EnterVT
bd0f53725 modesetting: check the kms state on EnterVT
5c400cae1 configure: Build hashtable for Xres and glvnd
253569a3d xwayland: Create an xwl_window for toplevel only
0811a9ff7 xwayland: non-rootless requires the wl_shell protocol
b3ae038c3 glamor: Update pixmap's devKind when making it exportable
d6c389cb8 os: Fix instruction pointer written in xorg_backtrace
c3e4c1a0f present/wnmd: Execute copies at target_msc-1 already
96ef31e0f present/wnmd: Move up present_wnmd_queue_vblank
669e40390 present: Add present_vblank::exec_msc field
dae234efd present: Move flip target_msc adjustment out of present_vblank_create
1930ed233 xwayland: Remove pending stream reference when freeing
1ac389dda xwayland: use drmGetNodeTypeFromFd for checking if a node is a render one
d108c2c82 xwayland: Do not discard frame callbacks on allow commits
174cb91d8 present/wnmd: Remove dead check from present_wnmd_check_flip
51ee6e5ce xwayland: Check window pixmap in xwl_present_check_flip2
f4006d795 present/wnmd: Can't use page flipping for windows clipped by children
1e84fda20 xfree86: Take second reference for SavedCursor in xf86CursorSetCursor
8c3c8bda2 glamor: Fix glamor_poly_fill_rect_gl xRectangle::width/height handling
b28c88288 include: Increase the number of max. input devices to 256.
af4c84ce8 Revert "linux: Make platform device probe less fragile"
39cb95e95 Revert "linux: Fix platform device PCI detection for complex bus topologies"
4b6fce597 Revert "linux: Fix platform device probe for DT-based PCI"

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../xserver-xorg/CVE-2020-14360.patch         | 132 ------------------
 .../xserver-xorg/CVE-2020-25712.patch         | 102 --------------
 ...xorg_1.20.9.bb => xserver-xorg_1.20.10.bb} |   6 +-
 3 files changed, 2 insertions(+), 238 deletions(-)
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch
 rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.20.9.bb => xserver-xorg_1.20.10.bb} (84%)

diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch
deleted file mode 100644
index e9ab42742e..0000000000
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch
+++ /dev/null
@@ -1,132 +0,0 @@
-From 446ff2d3177087b8173fa779fa5b77a2a128988b Mon Sep 17 00:00:00 2001
-From: Matthieu Herrb <matthieu@herrb.eu>
-Date: Thu, 12 Nov 2020 19:15:07 +0100
-Subject: [PATCH] Check SetMap request length carefully.
-
-Avoid out of bounds memory accesses on too short request.
-
-ZDI-CAN 11572 /  CVE-2020-14360
-
-This vulnerability was discovered by:
-Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
-
-Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
-
-Upstream-Status: Backport 
-https://gitlab.freedesktop.org/xorg/xserver/-/commit/446ff2d3177087b8173fa779fa5b77a2a128988b
-CVE: CVE-2020-14360
-Signed-off-by: Armin Kuster <akuster@mvista.com>
----
- xkb/xkb.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 92 insertions(+)
-
-Index: xorg-server-1.20.8/xkb/xkb.c
-===================================================================
---- xorg-server-1.20.8.orig/xkb/xkb.c
-+++ xorg-server-1.20.8/xkb/xkb.c
-@@ -2382,6 +2382,93 @@ SetVirtualModMap(XkbSrvInfoPtr xkbi,
-     return (char *) wire;
- }
- 
-+#define _add_check_len(new) \
-+    if (len > UINT32_MAX - (new) || len > req_len - (new)) goto bad; \
-+    else len += new
-+
-+/**
-+ * Check the length of the SetMap request
-+ */
-+static int
-+_XkbSetMapCheckLength(xkbSetMapReq *req)
-+{
-+    size_t len = sz_xkbSetMapReq, req_len = req->length << 2;
-+    xkbKeyTypeWireDesc *keytype;
-+    xkbSymMapWireDesc *symmap;
-+    BOOL preserve;
-+    int i, map_count, nSyms;
-+
-+    if (req_len < len)
-+        goto bad;
-+    /* types */
-+    if (req->present & XkbKeyTypesMask) {
-+        keytype = (xkbKeyTypeWireDesc *)(req + 1);
-+        for (i = 0; i < req->nTypes; i++) {
-+            _add_check_len(XkbPaddedSize(sz_xkbKeyTypeWireDesc));
-+            if (req->flags & XkbSetMapResizeTypes) {
-+                _add_check_len(keytype->nMapEntries
-+                               * sz_xkbKTSetMapEntryWireDesc);
-+                preserve = keytype->preserve;
-+                map_count = keytype->nMapEntries;
-+                if (preserve) {
-+                    _add_check_len(map_count * sz_xkbModsWireDesc);
-+                }
-+                keytype += 1;
-+                keytype = (xkbKeyTypeWireDesc *)
-+                          ((xkbKTSetMapEntryWireDesc *)keytype + map_count);
-+                if (preserve)
-+                    keytype = (xkbKeyTypeWireDesc *)
-+                              ((xkbModsWireDesc *)keytype + map_count);
-+            }
-+        }
-+    }
-+    /* syms */
-+    if (req->present & XkbKeySymsMask) {
-+        symmap = (xkbSymMapWireDesc *)((char *)req + len);
-+        for (i = 0; i < req->nKeySyms; i++) {
-+            _add_check_len(sz_xkbSymMapWireDesc);
-+            nSyms = symmap->nSyms;
-+            _add_check_len(nSyms*sizeof(CARD32));
-+            symmap += 1;
-+            symmap = (xkbSymMapWireDesc *)((CARD32 *)symmap + nSyms);
-+        }
-+    }
-+    /* actions */
-+    if (req->present & XkbKeyActionsMask) {
-+        _add_check_len(req->totalActs * sz_xkbActionWireDesc 
-+                       + XkbPaddedSize(req->nKeyActs));
-+    }
-+    /* behaviours */
-+    if (req->present & XkbKeyBehaviorsMask) {
-+        _add_check_len(req->totalKeyBehaviors * sz_xkbBehaviorWireDesc);
-+    }
-+    /* vmods */
-+    if (req->present & XkbVirtualModsMask) {
-+        _add_check_len(XkbPaddedSize(Ones(req->virtualMods)));
-+    }
-+    /* explicit */
-+    if (req->present & XkbExplicitComponentsMask) {
-+        /* two bytes per non-zero explicit componen */
-+        _add_check_len(XkbPaddedSize(req->totalKeyExplicit * sizeof(CARD16)));
-+    }
-+    /* modmap */
-+    if (req->present & XkbModifierMapMask) {
-+         /* two bytes per non-zero modmap component */
-+        _add_check_len(XkbPaddedSize(req->totalModMapKeys * sizeof(CARD16)));
-+    }
-+    /* vmodmap */
-+    if (req->present & XkbVirtualModMapMask) {
-+        _add_check_len(req->totalVModMapKeys * sz_xkbVModMapWireDesc);
-+    }
-+    if (len == req_len)
-+        return Success;
-+bad:
-+    ErrorF("[xkb] BOGUS LENGTH in SetMap: expected %ld got %ld\n",
-+           len, req_len);
-+    return BadLength;
-+}
-+
-+
- /**
-  * Check if the given request can be applied to the given device but don't
-  * actually do anything..
-@@ -2639,6 +2726,11 @@ ProcXkbSetMap(ClientPtr client)
-     CHK_KBD_DEVICE(dev, stuff->deviceSpec, client, DixManageAccess);
-     CHK_MASK_LEGAL(0x01, stuff->present, XkbAllMapComponentsMask);
- 
-+    /* first verify the request length carefully */
-+    rc = _XkbSetMapCheckLength(stuff);
-+    if (rc != Success)
-+        return rc;
-+
-     tmp = (char *) &stuff[1];
- 
-     /* Check if we can to the SetMap on the requested device. If this
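
Review bot: The commit message should name CVE-2020-14360 and CVE-2020-25712 explicitly; "Remove CVE patches contained in this release" leaves the mapping to be worked out from subjects, because the hash in this patch's Upstream-Status line (446ff2d31) differs from the stable-branch entry 06d1a032e "Check SetMap request length carefully." in the log. With the CVE ids in the message, a `git log --grep` for either id finds the point where the fix moved from a patch file into the tarball.
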
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch
deleted file mode 100644
index f39f6b32b1..0000000000
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch
+++ /dev/null
@@ -1,102 +0,0 @@
-From 87c64fc5b0db9f62f4e361444f4b60501ebf67b9 Mon Sep 17 00:00:00 2001
-From: Matthieu Herrb <matthieu@herrb.eu>
-Date: Sun, 11 Oct 2020 17:05:09 +0200
-Subject: [PATCH] Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap
- overflows
-
-ZDI-CAN 11389 / CVE-2020-25712
-
-This vulnerability was discovered by:
-Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
-
-Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
-
-Upstream-Status: Backport
-https://gitlab.freedesktop.org/xorg/xserver/-/commit/87c64fc5b0db9f62f4e361444f4b60501ebf67b9
-CVE: CVE-2020-25712
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- xkb/xkb.c | 26 +++++++++++++++++++++++---
- 1 file changed, 23 insertions(+), 3 deletions(-)
-
-Index: xorg-server-1.20.8/xkb/xkb.c
-===================================================================
---- xorg-server-1.20.8.orig/xkb/xkb.c
-+++ xorg-server-1.20.8/xkb/xkb.c
-@@ -6625,7 +6625,9 @@ SetDeviceIndicators(char *wire,
-                     unsigned changed,
-                     int num,
-                     int *status_rtrn,
--                    ClientPtr client, xkbExtensionDeviceNotify * ev)
-+                    ClientPtr client,
-+                    xkbExtensionDeviceNotify * ev,
-+                    xkbSetDeviceInfoReq * stuff)
- {
-     xkbDeviceLedsWireDesc *ledWire;
-     int i;
-@@ -6646,6 +6648,11 @@ SetDeviceIndicators(char *wire,
-         xkbIndicatorMapWireDesc *mapWire;
-         XkbSrvLedInfoPtr sli;
- 
-+        if (!_XkbCheckRequestBounds(client, stuff, ledWire, ledWire + 1)) {
-+            *status_rtrn = BadLength;
-+            return (char *) ledWire;
-+        }
-+
-         namec = mapc = statec = 0;
-         sli = XkbFindSrvLedInfo(dev, ledWire->ledClass, ledWire->ledID,
-                                 XkbXI_IndicatorMapsMask);
-@@ -6664,6 +6671,10 @@ SetDeviceIndicators(char *wire,
-             memset((char *) sli->names, 0, XkbNumIndicators * sizeof(Atom));
-             for (n = 0, bit = 1; n < XkbNumIndicators; n++, bit <<= 1) {
-                 if (ledWire->namesPresent & bit) {
-+                    if (!_XkbCheckRequestBounds(client, stuff, atomWire, atomWire + 1)) {
-+                        *status_rtrn = BadLength;
-+                        return (char *) atomWire;
-+                    }
-                     sli->names[n] = (Atom) *atomWire;
-                     if (sli->names[n] == None)
-                         ledWire->namesPresent &= ~bit;
-@@ -6681,6 +6692,10 @@ SetDeviceIndicators(char *wire,
-         if (ledWire->mapsPresent) {
-             for (n = 0, bit = 1; n < XkbNumIndicators; n++, bit <<= 1) {
-                 if (ledWire->mapsPresent & bit) {
-+                    if (!_XkbCheckRequestBounds(client, stuff, mapWire, mapWire + 1)) {
-+                        *status_rtrn = BadLength;
-+                        return (char *) mapWire;
-+                    }
-                     sli->maps[n].flags = mapWire->flags;
-                     sli->maps[n].which_groups = mapWire->whichGroups;
-                     sli->maps[n].groups = mapWire->groups;
-@@ -6760,7 +6775,7 @@ _XkbSetDeviceInfoCheck(ClientPtr client,
-     ed.deviceID = dev->id;
-     wire = (char *) &stuff[1];
-     if (stuff->change & XkbXI_ButtonActionsMask) {
--        int nBtns, sz, i;
-+	int nBtns, sz, i;
-         XkbAction *acts;
-         DeviceIntPtr kbd;
- 
-@@ -6772,7 +6787,11 @@ _XkbSetDeviceInfoCheck(ClientPtr client,
-                 return BadAlloc;
-             dev->button->xkb_acts = acts;
-         }
-+        if (stuff->firstBtn + stuff->nBtns > nBtns)
-+            return BadValue;
-         sz = stuff->nBtns * SIZEOF(xkbActionWireDesc);
-+        if (!_XkbCheckRequestBounds(client, stuff, wire, (char *) wire + sz))
-+            return BadLength;
-         memcpy((char *) &acts[stuff->firstBtn], (char *) wire, sz);
-         wire += sz;
-         ed.reason |= XkbXI_ButtonActionsMask;
-@@ -6793,7 +6812,8 @@ _XkbSetDeviceInfoCheck(ClientPtr client,
-         int status = Success;
- 
-         wire = SetDeviceIndicators(wire, dev, stuff->change,
--                                   stuff->nDeviceLedFBs, &status, client, &ed);
-+                                   stuff->nDeviceLedFBs, &status, client, &ed,
-+                                   stuff);
-         if (status != Success)
-             return status;
-     }
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.9.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb
similarity index 84%
rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.9.bb
rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb
index 4f001c2d3d..4d368a8b5a 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.9.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb
@@ -5,11 +5,9 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
            file://0001-test-xtest-Initialize-array-with-braces.patch \
            file://sdksyms-no-build-path.patch \
            file://0001-drmmode_display.c-add-missing-mi.h-include.patch \
-           file://CVE-2020-14360.patch \
-           file://CVE-2020-25712.patch \
            "
-SRC_URI[md5sum] = "afcae2f46d47c33863cab7fd9db7279a"
-SRC_URI[sha256sum] = "e219f2e0dfe455467939149d7cd2ee53b79b512cc1d2094ae4f5c9ed9ccd3571"
+SRC_URI[md5sum] = "8cf8bd1f33e3736bc8dd279b20a32399"
+SRC_URI[sha256sum] = "977420c082450dc808de301ef56af4856d653eea71519a973c3490a780cb7c99"
 
 CFLAGS += "-fcommon"
 
-- 
2.25.1




* [OE-core][dunfell 4/7] xserver-xorg: update to 1.20.11
  2022-03-30  2:27 [OE-core][dunfell 0/7] Patch review Steve Sakoman
                   ` (2 preceding siblings ...)
  2022-03-30  2:27 ` [OE-core][dunfell 3/7] xserver-xorg: update to 1.20.10 Steve Sakoman
@ 2022-03-30  2:27 ` Steve Sakoman
  2022-03-30  2:27 ` [OE-core][dunfell 5/7] xserver-xorg: update to 1.20.12 Steve Sakoman
                   ` (2 subsequent siblings)
  6 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-03-30  2:27 UTC (permalink / raw)
  To: openembedded-core

Fixes CVE-2021-3472

Stable branch update:

6b767cdf6 (tag: xorg-server-1.20.11) xserver 1.20.11
a1a1aa2c1 Fix XChangeFeedbackControl() request underflow
8890c44a7 xquartz: Remove a check for NSAppKitVersionNumber >= NSAppKitVersionNumber10_7
3c3680c36 xquartz: Don't include strndup.c any more since we no longer support 10.8 and older
e1fdc856a xquartz: Add a launch trampoline to better integrate with modern versions of macOS
8f8e9c53e xquartz: Don't process AppKit events if we haven't finished initializing
aa6f84021 xquartz: Allocate each fbconfig separately
7aa51bb57 xquartz: Fix a compiler warning about const incompatible pointer assignment
d751c46bd xquartz: Fix build with sparkle enabled
03c2e12a8 xquartz: Silence a compiler warning about missing internal methods on NSApplication
fcbd57367 xquartz: Rewrite Window menu handling to not depend on X11App.windowsMenu.numberOfItems being correct in -awakeFromNib
b27c6602b xquartz: Convert X11Controller ivars into @properties
625c7e4de xquartz: Convert X11Application ivars into @properties
3017fec60 xquartz: Fold quartzCommon.h into quartz.h
bdaff44f9 xquartz: Fold away some unnecessary hops to X11Controller through X11Application
7d22031a6 xquartz: Fold away array_with_strings_and_numbers and simplify with more modern Objective-C
937b63ff4 xqaurtz: Remove message_kit_thread() and use dispatch instead
e531d3a4c xquartz: Use objc_autoreleasePoolPush / objc_autoreleasePoolPop directly in QuartzBlockHandler
08cf6c90f xquartz: Minor code modernization -- @autoreleasepool adoption
26e0c59a9 xquartz: Remove some dead code for compatibility with older nibs
2853f3896 xquartz: Remove a workaround for AppKit versions older than Lion
1edc9b980 xquartz: Apply spell check fixes from master for easier cherry-picking of changes in xquartz
67f25cc18 xquartz: Fix applications menu table background color for dark mode
4028c2ad1 xquartz: Apply Xcode 12.4 automatic updates to nibs
ff1c8e2f7 xquartz: Update the about box copyright to 2021
a16df6028 xquartz: Ensure we call into TIS on the main thread
2087b7782 xquartz: Ensure that NSRunAlertPanel() is run on the main thread
2fe5bf4ba xquartz: Remove support for older versions of libXplugin
bc1a2a0d8 xquartz: Remove unused include of AvailabilityMacros.h from various sources
393da8b43 xquartz: Remove support for building for i386
43aaa1093 xquartz: Remove support for Mountain Lion and earlier versions of macOS
fb492686d xquartz: Remove support for Lion and earlier versions of macOS
34784415a xquartz: Remove support for SnowLeopard and earlier versions of macOS
d3f81ecaf xquartz: Remove check for libdispatch now that we don't support pre-SnowLeopard
739c5bd32 xquartz: Remove support for Leopard and earlier versions of macOS
2d7eb8249 xquartz: Remove support for Tiger and earlier versions of macOS
080f9eb76 os: Remove support for Tiger and earlier versions of macOS
be9d2fd87 xquartz: Remove support for Panther and earlier versions of macOS
d39eb5840 Fix typo "XQaurtz" in Xquartz.man
1f2b73176 XQuartz: recognize F16-F20 and Menu keys
ecc4ebf53 xquartz: Add stub ddxInputThread()
f5df31c76 meson.build: KMS support also depends on dri2
b09f5f42d xwayland: Replace LogMessage with LogMessageVerb
c17872d50 xkb: Fix heap overflow caused by optimized away min.

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../{xserver-xorg_1.20.10.bb => xserver-xorg_1.20.11.bb}      | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.20.10.bb => xserver-xorg_1.20.11.bb} (89%)

diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.11.bb
similarity index 89%
rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb
rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.11.bb
index 4d368a8b5a..b800167af9 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.11.bb
@@ -6,8 +6,8 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
            file://sdksyms-no-build-path.patch \
            file://0001-drmmode_display.c-add-missing-mi.h-include.patch \
            "
-SRC_URI[md5sum] = "8cf8bd1f33e3736bc8dd279b20a32399"
-SRC_URI[sha256sum] = "977420c082450dc808de301ef56af4856d653eea71519a973c3490a780cb7c99"
+SRC_URI[md5sum] = "a22ccd74a5eee721cad6805e489c7144"
+SRC_URI[sha256sum] = "914c796e3ffabe1af48071d40ccc85e92117c97a9082ed1df29e4d64e3c34c49"
 
 CFLAGS += "-fcommon"
 
-- 
2.25.1




* [OE-core][dunfell 5/7] xserver-xorg: update to 1.20.12
  2022-03-30  2:27 [OE-core][dunfell 0/7] Patch review Steve Sakoman
                   ` (3 preceding siblings ...)
  2022-03-30  2:27 ` [OE-core][dunfell 4/7] xserver-xorg: update to 1.20.11 Steve Sakoman
@ 2022-03-30  2:27 ` Steve Sakoman
  2022-03-30  2:27 ` [OE-core][dunfell 6/7] xserver-xorg: update to 1.20.13 Steve Sakoman
  2022-03-30  2:27 ` [OE-core][dunfell 7/7] xserver-xorg: update to 1.20.14 Steve Sakoman
  6 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-03-30  2:27 UTC (permalink / raw)
  To: openembedded-core

Stable branch update:

b88ad0b34 (tag: xorg-server-1.20.12) xserver 1.20.12
8dea50223 Build xz tarballs instead of bzip2
b7adbac7d hw/dmx/config: Link directly with libdmxconfig.a
e49738f0c xfree86: Fix NULL pointer dereference crash
9a59631a4 glx: Fix use after free in MakeCurrent
1fc0ca6e6 xfree86: Fix out of array bound access to xf86Entities
a4210fe07 xfree86: Change displays array to pointers array to fix invalid pointer issues after table reallocation
22449f630 glamor: Avoid using GL_QUADS on V3D
d16f64031 modesetting: Fix possible_crtcs
f1e76731a modesetting: Update props for dynamically added outputs
7bf477711 xquartz: Ensure the mouse pointer is shown when switching to a native macOS alert or window
3ef6e7b76 xquartz: Fix appFlags build failure with macOS 10.15+ SDKs
2a83c840c glx: Set ContextTag for all contexts
394b6cc1c glx: don't create implicit GLXWindow if one already exists
0086535e7 modesetting: Remove few common functions from ms namespace
321964443 modesetting: remove unnecessary ms_covering_xf86_crtc dup of ms_covering_randr_crtc
52eb801d0 modesetting: Find crtc on slave outputs as fallback instead of returning primary crtc
c7a2da7b9 present: fix msc offset calculation in screen mode
31544e68e present: Use crtc's screen present operation for syncing
464cbee1c modesetting: Initialize present extension despite glamor is disabled
4e11bd390 modesetting: Disable reverse prime offload mode for displays running on evdi,udl
627252933 dix: Guard against non-existing PtrFeedbackPtr
d41b43345 xwayland: Add PtrFeedback to the touch device
23a53f0d5 glx: fixup symbol name for get_extensions function

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-graphics/xorg-xserver/xserver-xorg.inc           | 2 +-
 .../{xserver-xorg_1.20.11.bb => xserver-xorg_1.20.12.bb}      | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
 rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.20.11.bb => xserver-xorg_1.20.12.bb} (89%)

diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
index c891211c40..ce57982a7d 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
@@ -16,7 +16,7 @@ PE = "2"
 INC_PR = "r8"
 
 XORG_PN = "xorg-server"
-SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.bz2"
+SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.gz"
 
 CVE_PRODUCT = "xorg-server x_server"
 # This is specific to Debian's xserver-wrapper.c
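
Review bot: The SRC_URI change from `.tar.bz2` to `.tar.gz` is not explained in the commit message, and the only related log entry, 8dea50223 "Build xz tarballs instead of bzip2", points at xz rather than gzip. Suggest a sentence saying why .tar.gz was chosen, and noting that the edit is in xserver-xorg.inc, so it changes the fetch URL for every recipe that includes it, not only xserver-xorg_1.20.12.bb.
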
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.11.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.12.bb
similarity index 89%
rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.11.bb
rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.12.bb
index b800167af9..2b326082d0 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.11.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.12.bb
@@ -6,8 +6,8 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
            file://sdksyms-no-build-path.patch \
            file://0001-drmmode_display.c-add-missing-mi.h-include.patch \
            "
-SRC_URI[md5sum] = "a22ccd74a5eee721cad6805e489c7144"
-SRC_URI[sha256sum] = "914c796e3ffabe1af48071d40ccc85e92117c97a9082ed1df29e4d64e3c34c49"
+SRC_URI[md5sum] = "8775d8c22de768107978202fcf240e2e"
+SRC_URI[sha256sum] = "71687561262e4527a7ef779193725416f70c3e0424daaa9a6617bd37dc7701bb"
 
 CFLAGS += "-fcommon"
 
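
Review bot: The new sha256sum covers the .tar.gz that this commit switches to in xserver-xorg.inc, so it should be compared with the hash upstream published for that exact archive, not one for another compression format of 1.20.12. Suggest noting the verification source in the commit message; a checksum taken only from the freshly downloaded file records what was fetched and nothing more.
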
-- 
2.25.1




* [OE-core][dunfell 6/7] xserver-xorg: update to 1.20.13
  2022-03-30  2:27 [OE-core][dunfell 0/7] Patch review Steve Sakoman
                   ` (4 preceding siblings ...)
  2022-03-30  2:27 ` [OE-core][dunfell 5/7] xserver-xorg: update to 1.20.12 Steve Sakoman
@ 2022-03-30  2:27 ` Steve Sakoman
  2022-03-30  2:27 ` [OE-core][dunfell 7/7] xserver-xorg: update to 1.20.14 Steve Sakoman
  6 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-03-30  2:27 UTC (permalink / raw)
  To: openembedded-core

Stable branch update:

86a72cb19 (tag: xorg-server-1.20.13) xserver 1.20.13
f85e4edba modesetting: unflip not possible when glamor is not set
b03d7184b present: fallback get_crtc to return crtc belonging to screen with present extension

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../{xserver-xorg_1.20.12.bb => xserver-xorg_1.20.13.bb}      | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.20.12.bb => xserver-xorg_1.20.13.bb} (89%)

diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.12.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.13.bb
similarity index 89%
rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.12.bb
rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.13.bb
index 2b326082d0..424d81add9 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.12.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.13.bb
@@ -6,8 +6,8 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
            file://sdksyms-no-build-path.patch \
            file://0001-drmmode_display.c-add-missing-mi.h-include.patch \
            "
-SRC_URI[md5sum] = "8775d8c22de768107978202fcf240e2e"
-SRC_URI[sha256sum] = "71687561262e4527a7ef779193725416f70c3e0424daaa9a6617bd37dc7701bb"
+SRC_URI[md5sum] = "1724c6efe8599fb0dc6c69c5f268de71"
+SRC_URI[sha256sum] = "26f801f4d92216995f389873cf3b4e90069cf63e94bc5dd09ebbf7fd7e1ddcc2"
 
 CFLAGS += "-fcommon"
 
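Review bot: Nothing in the commit message says where the new `SRC_URI[sha256sum]` value came from. The body lists the three upstream commits up to the tag, but in a checksum-only hunk the digest itself is what needs reviewing; a line stating that it was compared with the digest in the upstream 1.20.13 release announcement would make that checkable.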
-- 
2.25.1



* [OE-core][dunfell 7/7] xserver-xorg: update to 1.20.14
From: Steve Sakoman @ 2022-03-30  2:27 UTC
  To: openembedded-core

Fixes: CVE-2021-4008 CVE-2021-4009 CVE-2021-4010 CVE-2021-4011

Stable branch update:

97c5b7777 (HEAD -> server-1.20-branch, tag: xorg-server-1.20.14, origin/server-1.20-branch) xserver 1.20.14
35b4681c7 render: Fix out of bounds access in SProcRenderCompositeGlyphs()
67425fcab Xext: Fix out of bounds access in SProcScreenSaverSuspend()
6bb8aeb30 xfixes: Fix out of bounds access in *ProcXFixesCreatePointerBarrier()
acc50e609 record: Fix out of bounds access in SwapCreateRegister()
5ff3310b6 modesetting: Allow Present flips with mismatched stride on atomic drivers.
574fe59ef Fix RandR leasing for more than 1 simultaneously active lease.

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../{xserver-xorg_1.20.13.bb => xserver-xorg_1.20.14.bb}      | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.20.13.bb => xserver-xorg_1.20.14.bb} (89%)

diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.13.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb
similarity index 89%
rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.13.bb
rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb
index 424d81add9..d176f390a4 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.13.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb
@@ -6,8 +6,8 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
            file://sdksyms-no-build-path.patch \
            file://0001-drmmode_display.c-add-missing-mi.h-include.patch \
            "
-SRC_URI[md5sum] = "1724c6efe8599fb0dc6c69c5f268de71"
-SRC_URI[sha256sum] = "26f801f4d92216995f389873cf3b4e90069cf63e94bc5dd09ebbf7fd7e1ddcc2"
+SRC_URI[md5sum] = "453fc86aac8c629b3a5b77e8dcca30bf"
+SRC_URI[sha256sum] = "54b199c9280ff8bf0f73a54a759645bd0eeeda7255d1c99310d5b7595f3ac066"
 
 CFLAGS += "-fcommon"
 
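Review bot: The four CVEs on the `Fixes:` line are closed purely by the version bump: the hunk changes only the two checksum lines, and the visible `SRC_URI` entries add no CVE patch files. The commit message does not say which of the four "Fix out of bounds access" commits addresses which CVE; adding that mapping would let anyone auditing the branch confirm each ID against upstream without re-deriving it.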
-- 
2.25.1



* [OE-core][dunfell 0/7] Patch review
From: Steve Sakoman @ 2022-07-29 15:24 UTC
  To: openembedded-core

Please review this set of patches for dunfell and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3993

The following changes since commit 3f40d5f095ceb099b604750db96058df00fcd49e:

  build-appliance-image: Update to dunfell head revision (2022-07-25 15:09:15 +0100)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Hitendra Prajapati (5):
  gnupg: CVE-2022-34903 possible signature forgery via injection into
    the status line
  grub2: Fix buffer underflow write in the heap
  qemu: CVE-2022-35414 can perform an uninitialized read on the
    translate_fail path, leading to an io_readx or io_writex crash
  libTiff: CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 DoS from Divide By
    Zero Error
  libtirpc: CVE-2021-46828 DoS vulnerability with lots of connections

LUIS ENRIQUEZ (1):
  kernel-fitimage.bbclass: add padding algorithm property in config
    nodes

Sana.Kazi (1):
  libjpeg-turbo: Fix CVE-2021-46822

 meta/classes/kernel-fitimage.bbclass          |   5 +
 .../grub/files/CVE-2021-3695.patch            | 178 +++++++++++++++++
 .../grub/files/CVE-2021-3696.patch            |  46 +++++
 .../grub/files/CVE-2021-3697.patch            |  82 ++++++++
 meta/recipes-bsp/grub/grub2.inc               |   5 +-
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 .../qemu/qemu/CVE-2022-35414.patch            |  53 +++++
 .../libtirpc/libtirpc/CVE-2021-46828.patch    | 155 +++++++++++++++
 .../libtirpc/libtirpc_1.2.6.bb                |   4 +-
 .../jpeg/files/CVE-2021-46822.patch           | 133 +++++++++++++
 .../jpeg/libjpeg-turbo_2.0.4.bb               |   1 +
 ...022-2056-CVE-2022-2057-CVE-2022-2058.patch | 183 ++++++++++++++++++
 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb |   1 +
 .../gnupg/gnupg/CVE-2022-34903.patch          |  44 +++++
 meta/recipes-support/gnupg/gnupg_2.2.27.bb    |   1 +
 15 files changed, 890 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2021-3695.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2021-3696.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2021-3697.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-35414.patch
 create mode 100644 meta/recipes-extended/libtirpc/libtirpc/CVE-2021-46828.patch
 create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2021-46822.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-2056-CVE-2022-2057-CVE-2022-2058.patch
 create mode 100644 meta/recipes-support/gnupg/gnupg/CVE-2022-34903.patch

-- 
2.25.1



* [OE-core][dunfell 0/7] Patch review
From: Steve Sakoman @ 2022-09-08  2:28 UTC
  To: openembedded-core

Please review this set of patches for dunfell and have comments back by
end of day Friday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4200

The following changes since commit 345193f36d08cfe4899c65e8edf3f79db09c50d2:

  relocate_sdk.py: ensure interpreter size error causes relocation to fail (2022-08-29 05:02:16 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Hitendra Prajapati (1):
  sqlite: CVE-2022-35737 assertion failure

Joshua Watt (1):
  classes: cve-check: Get shared database lock

Ranjitsinh Rathod (2):
  libarchive: Fix CVE-2021-23177 issue
  libarchive: Fix CVE-2021-31566 issue

Richard Purdie (1):
  vim: Upgrade 9.0.0242 -> 9.0.0341

Robert Joslyn (1):
  curl: Backport patch for CVE-2022-35252

Ross Burton (1):
  cve-check: close cursors as soon as possible

 meta/classes/cve-check.bbclass                |  36 ++--
 .../recipes-core/meta/cve-update-db-native.bb |  51 ++---
 .../libarchive/CVE-2021-23177.patch           | 183 ++++++++++++++++++
 .../libarchive/CVE-2021-31566-01.patch        |  23 +++
 .../libarchive/CVE-2021-31566-02.patch        | 172 ++++++++++++++++
 .../libarchive/libarchive_3.4.2.bb            |   3 +
 .../curl/curl/CVE-2022-35252.patch            |  72 +++++++
 meta/recipes-support/curl/curl_7.69.1.bb      |   1 +
 .../sqlite/files/CVE-2022-35737.patch         |  29 +++
 meta/recipes-support/sqlite/sqlite3_3.31.1.bb |   1 +
 meta/recipes-support/vim/vim.inc              |   4 +-
 11 files changed, 535 insertions(+), 40 deletions(-)
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-02.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-35252.patch
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2022-35737.patch

-- 
2.25.1



* [OE-core][dunfell 0/7] Patch review
From: Steve Sakoman @ 2022-10-24 14:24 UTC
  To: openembedded-core

Please review this set of patches for dunfell and have comments back by
end of day Wednesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4364

The following changes since commit aa9d0c2b777c10bb6c68b0232d54cbcd1af1493f:

  qemu: Avoid accidental librdmacm linkage (2022-10-12 05:13:44 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Bruce Ashfield (2):
  linux-yocto/5.4: update to v5.4.216
  linux-yocto/5.4: update to v5.4.219

Omkar (1):
  dbus: upgrade 1.12.22 -> 1.12.24

Paul Eggleton (1):
  classes/kernel-fitimage: add ability to add additional signing options

Steve Sakoman (2):
  devtool: add HostKeyAlgorithms option to ssh and scp commands
  selftest: skip virgl test on all Alma Linux

wangmy (1):
  dbus: upgrade 1.12.20 -> 1.12.22

 meta/classes/kernel-fitimage.bbclass          |  6 ++++-
 meta/lib/oeqa/selftest/cases/devtool.py       |  2 +-
 meta/lib/oeqa/selftest/cases/runtime_test.py  |  4 ++--
 ...s-test_1.12.20.bb => dbus-test_1.12.24.bb} |  0
 meta/recipes-core/dbus/dbus.inc               |  3 +--
 .../dbus/{dbus_1.12.20.bb => dbus_1.12.24.bb} |  0
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 scripts/lib/devtool/deploy.py                 |  8 +++----
 10 files changed, 31 insertions(+), 28 deletions(-)
 rename meta/recipes-core/dbus/{dbus-test_1.12.20.bb => dbus-test_1.12.24.bb} (100%)
 rename meta/recipes-core/dbus/{dbus_1.12.20.bb => dbus_1.12.24.bb} (100%)

-- 
2.25.1



* [OE-core][dunfell 0/7] Patch review
From: Steve Sakoman @ 2022-12-01 15:25 UTC
  To: openembedded-core

Please review this set of patches for dunfell and have comments back by
end of day Monday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4565

The following changes since commit 408bf1b4bb4f4ed126c17fb3676f9fa0513065ba:

  sstate: Account for reserved characters when shortening sstate filenames (2022-11-23 00:26:19 +0000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alexander Kanavin (1):
  linux-firmware: upgrade 20220913 -> 20221012

Chen Qi (1):
  kernel.bbclass: make KERNEL_DEBUG_TIMESTAMPS work at rebuild

Dmitry Baryshkov (1):
  linux-firmware: upgrade 20221012 -> 20221109

Mike Crowe (1):
  kernel: improve transformation from KERNEL_IMAGETYPE_FOR_MAKE

Ross Burton (1):
  pixman: backport fix for CVE-2022-44638

Vivek Kumbhar (1):
  qemu: fix CVE-2021-20196 block fdc null pointer dereference may lead
    to guest crash

Wang Mingyu (1):
  mobile-broadband-provider-info: upgrade 20220725 -> 20221107

 meta/classes/kernel.bbclass                   | 29 ++++++++-
 .../mobile-broadband-provider-info_git.bb     |  4 +-
 meta/recipes-devtools/qemu/qemu.inc           |  1 +
 .../qemu/qemu/CVE-2021-20196.patch            | 62 +++++++++++++++++++
 .../xorg-lib/pixman/CVE-2022-44638.patch      | 34 ++++++++++
 .../xorg-lib/pixman_0.38.4.bb                 |  1 +
 ...20220913.bb => linux-firmware_20221109.bb} |  6 +-
 7 files changed, 129 insertions(+), 8 deletions(-)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-20196.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220913.bb => linux-firmware_20221109.bb} (99%)

-- 
2.25.1



* [OE-core][dunfell 0/7] Patch review
From: Steve Sakoman @ 2023-04-04  2:39 UTC
  To: openembedded-core

Please review this set of patches for dunfell and have comments back by
end of day Wednesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5141

The following changes since commit 1c7d555379c4b0962bccd018870989050d87675f:

  classes/package: Use gzip for extended package data (2023-03-27 16:29:20 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Geoffrey GIRY (1):
  cve-check: Fix false negative version issue

Hitendra Prajapati (2):
  curl: CVE-2023-23916 HTTP multi-header compression denial of service
  qemu: fix compile error which imported by CVE-2022-4144

Martin Jansa (1):
  bmap-tools: switch to main branch

Randy MacLeod (1):
  vim: upgrade 9.0.1403 -> 9.0.1429

Shubham Kulkarni (1):
  go-runtime: Security fix for CVE-2022-41723

Vijay Anusuri (1):
  git: Security fix for CVE-2023-22490 and CVE-2023-23946

 meta/classes/cve-check.bbclass                |   5 +-
 meta/lib/oe/cve_check.py                      |  37 +++
 meta/lib/oeqa/selftest/cases/cve_check.py     |  19 ++
 .../git/files/CVE-2023-22490-1.patch          | 179 +++++++++++++
 .../git/files/CVE-2023-22490-2.patch          | 122 +++++++++
 .../git/files/CVE-2023-22490-3.patch          | 154 ++++++++++++
 .../git/files/CVE-2023-23946.patch            | 184 ++++++++++++++
 meta/recipes-devtools/git/git.inc             |   4 +
 meta/recipes-devtools/go/go-1.14.inc          |   1 +
 .../go/go-1.14/CVE-2022-41723.patch           | 156 ++++++++++++
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 ...ass-requested-buffer-size-to-qxl_phy.patch | 236 ++++++++++++++++++
 .../bmap-tools/bmap-tools_3.5.bb              |   2 +-
 .../curl/curl/CVE-2023-23916.patch            | 231 +++++++++++++++++
 meta/recipes-support/curl/curl_7.69.1.bb      |   1 +
 meta/recipes-support/vim/vim.inc              |   4 +-
 16 files changed, 1332 insertions(+), 4 deletions(-)
 create mode 100644 meta/recipes-devtools/git/files/CVE-2023-22490-1.patch
 create mode 100644 meta/recipes-devtools/git/files/CVE-2023-22490-2.patch
 create mode 100644 meta/recipes-devtools/git/files/CVE-2023-22490-3.patch
 create mode 100644 meta/recipes-devtools/git/files/CVE-2023-23946.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41723.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-23916.patch

-- 
2.34.1



* [OE-core][dunfell 0/7] Patch review
From: Steve Sakoman @ 2023-04-22 15:57 UTC
  To: openembedded-core

Please review this set of patches for dunfell and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5210

The following changes since commit 9aefb4e46cf4fbf14b46f9adaf3771854553e7f3:

  curl: CVE-2023-27534 SFTP path ~ resolving discrepancy (2023-04-14 07:14:33 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Hitendra Prajapati (2):
  curl: CVE-2023-27538 fix SSH connection too eager reuse
  screen: CVE-2023-24626 allows sending SIGHUP to arbitrary PIDs

Peter Marko (1):
  go: ignore CVE-2022-41716

Shubham Kulkarni (2):
  go-runtime: Security fix for CVE-2022-41722
  go: Security fix for CVE-2020-29510

Vivek Kumbhar (1):
  go: fix CVE-2023-24537 Infinite loop in parsing

rajmohan r (1):
  systemd: Fix CVE-2023-26604

 .../systemd/systemd/CVE-2023-26604-1.patch    | 115 ++++++++
 .../systemd/systemd/CVE-2023-26604-2.patch    | 264 ++++++++++++++++++
 .../systemd/systemd/CVE-2023-26604-3.patch    | 182 ++++++++++++
 .../systemd/systemd/CVE-2023-26604-4.patch    |  32 +++
 meta/recipes-core/systemd/systemd_244.5.bb    |   4 +
 meta/recipes-devtools/go/go-1.14.inc          |   7 +
 .../go/go-1.14/CVE-2020-29510.patch           |  65 +++++
 .../go/go-1.14/CVE-2022-41722-1.patch         |  53 ++++
 .../go/go-1.14/CVE-2022-41722-2.patch         | 104 +++++++
 .../go/go-1.14/CVE-2023-24537.patch           |  76 +++++
 .../screen/screen/CVE-2023-24626.patch        |  40 +++
 meta/recipes-extended/screen/screen_4.8.0.bb  |   1 +
 .../curl/curl/CVE-2023-27538.patch            |  31 ++
 meta/recipes-support/curl/curl_7.69.1.bb      |   1 +
 14 files changed, 975 insertions(+)
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-26604-1.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-26604-2.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-26604-3.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-26604-4.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2020-29510.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41722-1.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41722-2.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24537.patch
 create mode 100644 meta/recipes-extended/screen/screen/CVE-2023-24626.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27538.patch

-- 
2.34.1



* [OE-core][dunfell 0/7] Patch review
From: Steve Sakoman @ 2023-05-11 21:28 UTC
  To: openembedded-core

Please review this set of patches for dunfell and have comments back by
end of day Monday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5294

The following changes since commit fd4cc8d7b5156c43d162a1a5a809fae507457ef4:

  build-appliance-image: Update to dunfell head revision (2023-05-03 12:29:24 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Arturo Buzarra (1):
  run-postinsts: Set dependency for ldconfig to avoid boot issues

Ashish Sharma (1):
  connman: Fix CVE-2023-28488 DoS in client.c

Peter Marko (1):
  libxml2: patch CVE-2023-28484 and CVE-2023-29469

Ranjitsinh Rathod (1):
  libbsd: Add correct license for all packages

Shubham Kulkarni (1):
  go: Security fix for CVE-2023-24538

Vivek Kumbhar (1):
  freetype: fix CVE-2023-2004 integer overflowin in
    tt_hvadvance_adjust() in src/truetype/ttgxvar.c

Yoann Congal (1):
  linux-yocto: Exclude 294 CVEs already fixed upstream

 .../connman/connman/CVE-2023-28488.patch      |   54 +
 .../connman/connman_1.37.bb                   |    1 +
 .../libxml/libxml2/CVE-2023-28484.patch       |   79 +
 .../libxml/libxml2/CVE-2023-29469.patch       |   42 +
 meta/recipes-core/libxml/libxml2_2.9.10.bb    |    2 +
 meta/recipes-devtools/go/go-1.14.inc          |    3 +
 .../go/go-1.14/CVE-2023-24538-1.patch         |  125 ++
 .../go/go-1.14/CVE-2023-24538-2.patch         |  196 ++
 .../go/go-1.14/CVE-2023-24538-3.patch         |  208 ++
 .../run-postinsts/run-postinsts.service       |    2 +-
 .../freetype/freetype/CVE-2023-2004.patch     |   40 +
 .../freetype/freetype_2.10.1.bb               |    1 +
 meta/recipes-kernel/linux/cve-exclusion.inc   | 1840 +++++++++++++++++
 meta/recipes-kernel/linux/linux-yocto.inc     |    3 +
 meta/recipes-support/libbsd/libbsd_0.10.0.bb  |    6 +
 15 files changed, 2601 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2023-28488.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24538-1.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24538-2.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24538-3.patch
 create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch
 create mode 100644 meta/recipes-kernel/linux/cve-exclusion.inc

-- 
2.34.1



* [OE-core][dunfell 0/7] Patch review
From: Steve Sakoman @ 2023-09-26 14:12 UTC
  To: openembedded-core

Please review this set of changes for dunfell and have comments back by
end of day Thursday, September 28

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5947

The following changes since commit 8b91c463fb3546836789e1890b3c68acf69c162a:

  build-appliance-image: Update to dunfell head revision (2023-09-16 11:16:49 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Archana Polampalli (1):
  vim: upgrade 9.0.1592 -> 9.0.1664

Michael Opdenacker (1):
  flac: fix CVE-2020-22219

Richard Purdie (1):
  vim: Upgrade 9.0.1664 -> 9.0.1894

Ross Burton (1):
  gcc: Fix -fstack-protector issue on aarch64

Siddharth Doshi (2):
  gdb: Fix CVE-2023-39128
  libxml2: Fix CVE-2023-39615

Vijay Anusuri (1):
  go: Backport fix for CVE-2022-41725 and CVE-2023-24536

 .../libxml/libxml2/CVE-2023-39615-0001.patch  |   36 +
 .../libxml/libxml2/CVE-2023-39615-0002.patch  |   71 +
 .../libxml/libxml2/CVE-2023-39615-pre.patch   |   44 +
 meta/recipes-core/libxml/libxml2_2.9.10.bb    |    3 +
 meta/recipes-devtools/gcc/gcc-9.5.inc         |    1 +
 .../gcc/gcc-9.5/CVE-2023-4039.patch           | 1506 +++++++++++++++++
 meta/recipes-devtools/gdb/gdb-9.1.inc         |    1 +
 .../gdb/gdb/0012-CVE-2023-39128.patch         |   75 +
 meta/recipes-devtools/go/go-1.14.inc          |    7 +
 .../go/go-1.14/CVE-2022-41725-pre1.patch      |   85 +
 .../go/go-1.14/CVE-2022-41725-pre2.patch      |   97 ++
 .../go/go-1.14/CVE-2022-41725-pre3.patch      |   98 ++
 .../go/go-1.14/CVE-2022-41725.patch           |  660 ++++++++
 .../go/go-1.14/CVE-2023-24536_1.patch         |  134 ++
 .../go/go-1.14/CVE-2023-24536_2.patch         |  184 ++
 .../go/go-1.14/CVE-2023-24536_3.patch         |  349 ++++
 .../flac/files/CVE-2020-22219.patch           |  197 +++
 meta/recipes-multimedia/flac/flac_1.3.3.bb    |    1 +
 meta/recipes-support/vim/vim.inc              |    6 +-
 19 files changed, 3552 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-0001.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-0002.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-pre.patch
 create mode 100644 meta/recipes-devtools/gcc/gcc-9.5/CVE-2023-4039.patch
 create mode 100644 meta/recipes-devtools/gdb/gdb/0012-CVE-2023-39128.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre1.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre2.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre3.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24536_1.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24536_2.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24536_3.patch
 create mode 100644 meta/recipes-multimedia/flac/files/CVE-2020-22219.patch

-- 
2.34.1



* [OE-core][dunfell 0/7] Patch review
From: Steve Sakoman @ 2024-02-13 21:43 UTC
  To: openembedded-core

Please review this set of changes for dunfell and have comments back by
end of day Thursday, February 15

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6564

The following changes since commit 18ae4fea4bf8681f9138d21124589918e336ff6b:

  systemtap: Fix build with gcc-12 (2024-01-25 03:58:24 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Matthias Schmitz (1):
  rsync: Fix rsync hanging when used with --relative

Ming Liu (1):
  go: add a complementary fix for CVE-2023-29406

Peter Marko (1):
  curl: ignore CVE-2023-42915

Vijay Anusuri (1):
  ghostscript: Backport fix for CVE-2020-36773

Zahir Hussain (1):
  cmake: Unset CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES

virendra thakur (2):
  perl: Whitelist CVE-2023-47039
  ncurses: Fix CVE-2023-29491

 .../ncurses/files/CVE-2023-29491.patch        |  45 +++++++
 meta/recipes-core/ncurses/ncurses_6.2.bb      |   3 +-
 .../cmake/cmake/OEToolchainConfig.cmake       |   3 +
 meta/recipes-devtools/go/go-1.14.inc          |   3 +-
 ...023-29406.patch => CVE-2023-29406-1.patch} |   0
 .../go/go-1.14/CVE-2023-29406-2.patch         | 114 ++++++++++++++++++
 meta/recipes-devtools/perl/perl_5.30.1.bb     |   4 +
 ...lative-when-copying-an-absolute-path.patch |  31 +++++
 meta/recipes-devtools/rsync/rsync_3.1.3.bb    |   1 +
 .../ghostscript/CVE-2020-36773.patch          | 109 +++++++++++++++++
 .../ghostscript/ghostscript_9.52.bb           |   1 +
 meta/recipes-support/curl/curl_7.69.1.bb      |   3 +
 12 files changed, 315 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-core/ncurses/files/CVE-2023-29491.patch
 rename meta/recipes-devtools/go/go-1.14/{CVE-2023-29406.patch => CVE-2023-29406-1.patch} (100%)
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-29406-2.patch
 create mode 100644 meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2020-36773.patch

-- 
2.34.1



* [OE-core][dunfell 0/7] Patch review
From: Steve Sakoman @ 2024-04-03  3:11 UTC
  To: openembedded-core

Please review this set of changes for dunfell and have comments back by
end of day Thursday, April 4

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6757

The following changes since commit d0811b98fa3847dbbfcfe6a80694509bb29aaf9c:

  yocto-uninative: Update to 4.4 for glibc 2.39 (2024-03-18 11:44:32 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Steve Sakoman (2):
  tar: bump PR to deal with sstate corruption on autobuilder
  perf: bump PR to deal with sstate corruption on autobuilder

Vijay Anusuri (4):
  libtiff: backport Debian patch for CVE-2023-6277 & CVE-2023-52356
  go: Fix for CVE-2023-45289 CVE-2023-45290 & CVE-2024-24785
  tar: Fix for CVE-2023-39804
  curl: backport Debian patch for CVE-2024-2398

virendra thakur (1):
  openssl: Fix CVE-2024-0727

 .../openssl/openssl/CVE-2024-0727.patch       | 122 ++++++++
 .../openssl/openssl_1.1.1w.bb                 |   1 +
 meta/recipes-devtools/go/go-1.14.inc          |   3 +
 .../go/go-1.14/CVE-2023-45289.patch           | 121 ++++++++
 .../go/go-1.14/CVE-2023-45290.patch           | 271 ++++++++++++++++++
 .../go/go-1.14/CVE-2024-24785.patch           | 197 +++++++++++++
 .../tar/tar/CVE-2023-39804.patch              |  64 +++++
 meta/recipes-extended/tar/tar_1.32.bb         |   3 +
 meta/recipes-kernel/perf/perf.bb              |   2 +-
 .../libtiff/files/CVE-2023-52356.patch        |  53 ++++
 .../libtiff/files/CVE-2023-6277-1.patch       | 191 ++++++++++++
 .../libtiff/files/CVE-2023-6277-2.patch       | 152 ++++++++++
 .../libtiff/files/CVE-2023-6277-3.patch       |  46 +++
 .../libtiff/files/CVE-2023-6277-4.patch       |  94 ++++++
 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb |   5 +
 .../curl/curl/CVE-2024-2398.patch             |  88 ++++++
 meta/recipes-support/curl/curl_7.69.1.bb      |   1 +
 17 files changed, 1413 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-0727.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45289.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45290.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2024-24785.patch
 create mode 100644 meta/recipes-extended/tar/tar/CVE-2023-39804.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-52356.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6277-1.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6277-2.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6277-3.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6277-4.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2024-2398.patch

-- 
2.34.1


