* [OE-core][dunfell 0/7] Patch review
@ 2022-03-30 2:27 Steve Sakoman
2022-03-30 2:27 ` [OE-core][dunfell 1/7] util-linux: fix CVE-2022-0563 Steve Sakoman
` (6 more replies)
0 siblings, 7 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-03-30 2:27 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by end
of day Thursday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3445
The following changes since commit da5cba5ec56cc437ede46d8aa71219a2a34cbe9e:
oeqa/selftest/tinfoil: Fix intermittent event loss issue in test (2022-03-26 16:25:24 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Steve Sakoman (7):
util-linux: fix CVE-2022-0563
xserver-xorg: update to 1.20.9
xserver-xorg: update to 1.20.10
xserver-xorg: update to 1.20.11
xserver-xorg: update to 1.20.12
xserver-xorg: update to 1.20.13
xserver-xorg: update to 1.20.14
.../util-linux/util-linux/CVE-2022-0563.patch | 161 ++++++++++++++++
.../util-linux/util-linux_2.35.1.bb | 1 +
.../xorg-xserver/xserver-xorg.inc | 2 +-
.../xserver-xorg/CVE-2020-14345.patch | 182 ------------------
.../xserver-xorg/CVE-2020-14346.patch | 36 ----
.../xserver-xorg/CVE-2020-14347.patch | 38 ----
.../xserver-xorg/CVE-2020-14360.patch | 132 -------------
.../xserver-xorg/CVE-2020-14361.patch | 36 ----
.../xserver-xorg/CVE-2020-14362.patch | 70 -------
.../xserver-xorg/CVE-2020-25712.patch | 102 ----------
...xorg_1.20.8.bb => xserver-xorg_1.20.14.bb} | 11 +-
11 files changed, 165 insertions(+), 606 deletions(-)
create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch
delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch
delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch
delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch
delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch
delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14361.patch
delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch
delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch
rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.20.8.bb => xserver-xorg_1.20.14.bb} (73%)
--
2.25.1
^ permalink raw reply [flat|nested] 22+ messages in thread* [OE-core][dunfell 1/7] util-linux: fix CVE-2022-0563 2022-03-30 2:27 [OE-core][dunfell 0/7] Patch review Steve Sakoman @ 2022-03-30 2:27 ` Steve Sakoman 2022-03-30 2:27 ` [OE-core][dunfell 2/7] xserver-xorg: update to 1.20.9 Steve Sakoman ` (5 subsequent siblings) 6 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2022-03-30 2:27 UTC (permalink / raw) To: openembedded-core A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. Backport patch from upstream: https://github.com/util-linux/util-linux/commit/faa5a3a83ad0cb5e2c303edbfd8cd823c9d94c17 Patch required slight modifications to apply cleanly to util-linux 2.35.1 Signed-off-by: Steve Sakoman <steve@sakoman.com> --- .../util-linux/util-linux/CVE-2022-0563.patch | 161 ++++++++++++++++++ .../util-linux/util-linux_2.35.1.bb | 1 + 2 files changed, 162 insertions(+) create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch diff --git a/meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch b/meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch new file mode 100644 index 0000000000..54b496ea3f --- /dev/null +++ b/meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch @@ -0,0 +1,161 @@ +From faa5a3a83ad0cb5e2c303edbfd8cd823c9d94c17 Mon Sep 17 00:00:00 2001 +From: Karel Zak <kzak@redhat.com> +Date: Thu, 10 Feb 2022 12:03:17 +0100 +Subject: [PATCH] chsh, chfn: remove readline support [CVE-2022-0563] + +The readline library uses INPUTRC= environment variable to get a path +to the library config file. When the library cannot parse the +specified file, it prints an error message containing data from the +file. + +Unfortunately, the library does not use secure_getenv() (or a similar +concept) to avoid vulnerabilities that could occur if set-user-ID or +set-group-ID programs. + +Reported-by: Rory Mackie <rory.mackie@trailofbits.com> +Signed-off-by: Karel Zak <kzak@redhat.com> + +Upstream-status: Backport +https://github.com/util-linux/util-linux/commit/faa5a3a83ad0cb5e2c303edbfd8cd823c9d94c17 + +CVE: CVE-2022-0563 + +Signed-off-by: Steve Sakoman <steve@sakoman.com> + +--- + login-utils/Makemodule.am | 2 +- + login-utils/chfn.c | 16 +++------------ + login-utils/chsh.c | 42 ++------------------------------------- + 3 files changed, 6 insertions(+), 54 deletions(-) + +diff --git a/login-utils/Makemodule.am b/login-utils/Makemodule.am +index fac5bfc..73636af 100644 +--- a/login-utils/Makemodule.am ++++ b/login-utils/Makemodule.am +@@ -82,7 +82,7 @@ chfn_chsh_sources = \ + login-utils/ch-common.c + chfn_chsh_cflags = $(SUID_CFLAGS) $(AM_CFLAGS) + chfn_chsh_ldflags = $(SUID_LDFLAGS) $(AM_LDFLAGS) +-chfn_chsh_ldadd = libcommon.la $(READLINE_LIBS) ++chfn_chsh_ldadd = libcommon.la + + if CHFN_CHSH_PASSWORD + chfn_chsh_ldadd += -lpam +diff --git a/login-utils/chfn.c b/login-utils/chfn.c +index b739555..2f8e44a 100644 +--- a/login-utils/chfn.c ++++ b/login-utils/chfn.c +@@ -56,11 +56,6 @@ + # include "auth.h" + #endif + +-#ifdef HAVE_LIBREADLINE +-# define _FUNCTION_DEF +-# include <readline/readline.h> +-#endif +- + struct finfo { + char *full_name; + char *office; +@@ -229,22 +224,17 @@ static char *ask_new_field(struct chfn_control *ctl, const char *question, + { + int len; + char *buf; +-#ifndef HAVE_LIBREADLINE +- size_t dummy = 0; +-#endif + + if (!def_val) + def_val = ""; ++ + while (true) { + printf("%s [%s]: ", question, def_val); + __fpurge(stdin); +-#ifdef HAVE_LIBREADLINE +- rl_bind_key('\t', rl_insert); +- if ((buf = readline(NULL)) == NULL) +-#else ++ + if (getline(&buf, &dummy, stdin) < 0) +-#endif + errx(EXIT_FAILURE, _("Aborted.")); ++ + /* remove white spaces from string end */ + ltrim_whitespace((unsigned char *) buf); + len = rtrim_whitespace((unsigned char *) buf); +diff --git a/login-utils/chsh.c b/login-utils/chsh.c +index a9ebec8..ee6ff87 100644 +--- a/login-utils/chsh.c ++++ b/login-utils/chsh.c +@@ -58,11 +58,6 @@ + # include "auth.h" + #endif + +-#ifdef HAVE_LIBREADLINE +-# define _FUNCTION_DEF +-# include <readline/readline.h> +-#endif +- + struct sinfo { + char *username; + char *shell; +@@ -121,33 +116,6 @@ static void print_shells(void) + endusershell(); + } + +-#ifdef HAVE_LIBREADLINE +-static char *shell_name_generator(const char *text, int state) +-{ +- static size_t len; +- char *s; +- +- if (!state) { +- setusershell(); +- len = strlen(text); +- } +- +- while ((s = getusershell())) { +- if (strncmp(s, text, len) == 0) +- return xstrdup(s); +- } +- return NULL; +-} +- +-static char **shell_name_completion(const char *text, +- int start __attribute__((__unused__)), +- int end __attribute__((__unused__))) +-{ +- rl_attempted_completion_over = 1; +- return rl_completion_matches(text, shell_name_generator); +-} +-#endif +- + /* + * parse_argv () -- + * parse the command line arguments, and fill in "pinfo" with any +@@ -198,20 +166,14 @@ static char *ask_new_shell(char *question, char *oldshell) + { + int len; + char *ans = NULL; +-#ifdef HAVE_LIBREADLINE +- rl_attempted_completion_function = shell_name_completion; +-#else + size_t dummy = 0; +-#endif ++ + if (!oldshell) + oldshell = ""; + printf("%s [%s]\n", question, oldshell); +-#ifdef HAVE_LIBREADLINE +- if ((ans = readline("> ")) == NULL) +-#else + if (getline(&ans, &dummy, stdin) < 0) +-#endif + return NULL; ++ + /* remove the newline at the end of ans. */ + ltrim_whitespace((unsigned char *) ans); + len = rtrim_whitespace((unsigned char *) ans); +-- +2.25.1 + diff --git a/meta/recipes-core/util-linux/util-linux_2.35.1.bb b/meta/recipes-core/util-linux/util-linux_2.35.1.bb index 96d5eca518..89dc564ecb 100644 --- a/meta/recipes-core/util-linux/util-linux_2.35.1.bb +++ b/meta/recipes-core/util-linux/util-linux_2.35.1.bb @@ -15,6 +15,7 @@ SRC_URI += "file://configure-sbindir.patch \ file://include-strutils-cleanup-strto-functions.patch \ file://CVE-2021-3995.patch \ file://CVE-2021-3996.patch \ + file://CVE-2022-0563.patch \ " SRC_URI[md5sum] = "7f64882f631225f0295ca05080cee1bf" SRC_URI[sha256sum] = "d9de3edd287366cd908e77677514b9387b22bc7b88f45b83e1922c3597f1d7f9" -- 2.25.1 ^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 2/7] xserver-xorg: update to 1.20.9 2022-03-30 2:27 [OE-core][dunfell 0/7] Patch review Steve Sakoman 2022-03-30 2:27 ` [OE-core][dunfell 1/7] util-linux: fix CVE-2022-0563 Steve Sakoman @ 2022-03-30 2:27 ` Steve Sakoman 2022-03-30 2:27 ` [OE-core][dunfell 3/7] xserver-xorg: update to 1.20.10 Steve Sakoman ` (4 subsequent siblings) 6 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2022-03-30 2:27 UTC (permalink / raw) To: openembedded-core Remove CVE patches contained in this release. Stable branch update: afb77415e (tag: xorg-server-1.20.9) xserver 1.20.9 705d72139 Fix XRecordRegisterClients() Integer underflow 5b384e767 Fix XkbSelectEvents() integer underflow eff3f6cdd Fix XIChangeHierarchy() integer underflow 1d3a1092c Correct bounds checking in XkbSetNames() 249a12c54 linux: Fix platform device probe for DT-based PCI 5c96eb5f4 linux: Fix platform device PCI detection for complex bus topologies 74b7427c4 linux: Make platform device probe less fragile 4979ac8f0 fix for ZDI-11426 2720b8715 xfree86: add drm modes on non-GTF panels 7da8e7bab present: Check valid region in window mode flips 4a65b6617 xwayland: Handle NULL xwl_seat in xwl_seat_can_emulate_pointer_warp 10cabe0b9 xwayland: Propagate damage x1/y1 coordinates in xwl_present_flip 3b51978b9 doc: Update URLs in Xserver-DTrace.xml 6cbd6a09b xwayland: Use a fixed DPI value for core protocol d4e8c4622 xwayland: only use linux-dmabuf if format/modifier was advertised c726ceacc hw/xfree86: Avoid cursor use after free 0679d4660 Update URL's in man pages 3059a2e62 xwayland: Disable the MIT-SCREEN-SAVER extension when rootless 23c55ec32 xwayland: Hold a pixmap reference in struct xwl_present_event 1179938c1 randr: Check rrPrivKey in RRHasScanoutPixmap() 4912f693e modesetting: Fix front_bo leak at drmmode_xf86crtc_resize on XRandR rotation ccbcf083d xwayland: Store xwl_tablet_pad in its own private key cc3613559 xwayland: Initialise values in xwlVidModeGetGamma() 533cc6ca0 xwayland: Fix crashes when there is no pointer 3aa31823d xwayland: Clear private on device removal 22c0808ac xwayland: Free all remaining events in xwl_present_cleanup 37779d7f4 xwayland: Always use xwl_present_free_event for freeing Present events ba52e5eb0 present/wnmd: Free flip_queue entries in present_wnmd_clear_window_flip b3310ed50 present/wnmd: Keep pixmap pointer in present_wnmd_clear_window_flip fc297c87d xwayland: import DMA-BUFs with GBM_BO_USE_RENDERING only 0430d13c1 xwayland: Fix infinite loop at startup b8b10e293 modesetting: Disable pageflipping when using a swcursor 271934db9 dix: do not send focus event when grab actually does not change Signed-off-by: Steve Sakoman <steve@sakoman.com> --- .../xserver-xorg/CVE-2020-14345.patch | 182 ------------------ .../xserver-xorg/CVE-2020-14346.patch | 36 ---- .../xserver-xorg/CVE-2020-14347.patch | 38 ---- .../xserver-xorg/CVE-2020-14361.patch | 36 ---- .../xserver-xorg/CVE-2020-14362.patch | 70 ------- ...-xorg_1.20.8.bb => xserver-xorg_1.20.9.bb} | 9 +- 6 files changed, 2 insertions(+), 369 deletions(-) delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14361.patch delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.20.8.bb => xserver-xorg_1.20.9.bb} (78%) diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch deleted file mode 100644 index fb3a37c474..0000000000 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch +++ /dev/null @@ -1,182 +0,0 @@ -From f7cd1276bbd4fe3a9700096dec33b52b8440788d Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb <matthieu@herrb.eu> -Date: Tue, 18 Aug 2020 14:46:32 +0200 -Subject: [PATCH] Correct bounds checking in XkbSetNames() - -CVE-2020-14345 / ZDI 11428 - -This vulnerability was discovered by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> - -Upstream-Status: Backport -CVE: CVE-2020-14345 -Affects < 1.20.9 - -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - xkb/xkb.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 48 insertions(+) - -Index: xorg-server-1.20.8/xkb/xkb.c -=================================================================== ---- xorg-server-1.20.8.orig/xkb/xkb.c -+++ xorg-server-1.20.8/xkb/xkb.c -@@ -152,6 +152,19 @@ static RESTYPE RT_XKBCLIENT; - #define CHK_REQ_KEY_RANGE(err,first,num,r) \ - CHK_REQ_KEY_RANGE2(err,first,num,r,client->errorValue,BadValue) - -+static Bool -+_XkbCheckRequestBounds(ClientPtr client, void *stuff, void *from, void *to) { -+ char *cstuff = (char *)stuff; -+ char *cfrom = (char *)from; -+ char *cto = (char *)to; -+ -+ return cfrom < cto && -+ cfrom >= cstuff && -+ cfrom < cstuff + ((size_t)client->req_len << 2) && -+ cto >= cstuff && -+ cto <= cstuff + ((size_t)client->req_len << 2); -+} -+ - /***====================================================================***/ - - int -@@ -4045,6 +4058,8 @@ _XkbSetNamesCheck(ClientPtr client, Devi - client->errorValue = _XkbErrCode2(0x04, stuff->firstType); - return BadAccess; - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + stuff->nTypes)) -+ return BadLength; - old = tmp; - tmp = _XkbCheckAtoms(tmp, stuff->nTypes, client->swapped, &bad); - if (!tmp) { -@@ -4074,6 +4089,8 @@ _XkbSetNamesCheck(ClientPtr client, Devi - } - width = (CARD8 *) tmp; - tmp = (CARD32 *) (((char *) tmp) + XkbPaddedSize(stuff->nKTLevels)); -+ if (!_XkbCheckRequestBounds(client, stuff, width, tmp)) -+ return BadLength; - type = &xkb->map->types[stuff->firstKTLevel]; - for (i = 0; i < stuff->nKTLevels; i++, type++) { - if (width[i] == 0) -@@ -4083,6 +4100,8 @@ _XkbSetNamesCheck(ClientPtr client, Devi - type->num_levels, width[i]); - return BadMatch; - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + width[i])) -+ return BadLength; - tmp = _XkbCheckAtoms(tmp, width[i], client->swapped, &bad); - if (!tmp) { - client->errorValue = bad; -@@ -4095,6 +4114,9 @@ _XkbSetNamesCheck(ClientPtr client, Devi - client->errorValue = 0x08; - return BadMatch; - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, -+ tmp + Ones(stuff->indicators))) -+ return BadLength; - tmp = _XkbCheckMaskedAtoms(tmp, XkbNumIndicators, stuff->indicators, - client->swapped, &bad); - if (!tmp) { -@@ -4107,6 +4129,9 @@ _XkbSetNamesCheck(ClientPtr client, Devi - client->errorValue = 0x09; - return BadMatch; - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, -+ tmp + Ones(stuff->virtualMods))) -+ return BadLength; - tmp = _XkbCheckMaskedAtoms(tmp, XkbNumVirtualMods, - (CARD32) stuff->virtualMods, - client->swapped, &bad); -@@ -4120,6 +4145,9 @@ _XkbSetNamesCheck(ClientPtr client, Devi - client->errorValue = 0x0a; - return BadMatch; - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, -+ tmp + Ones(stuff->groupNames))) -+ return BadLength; - tmp = _XkbCheckMaskedAtoms(tmp, XkbNumKbdGroups, - (CARD32) stuff->groupNames, - client->swapped, &bad); -@@ -4141,9 +4169,14 @@ _XkbSetNamesCheck(ClientPtr client, Devi - stuff->nKeys); - return BadValue; - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + stuff->nKeys)) -+ return BadLength; - tmp += stuff->nKeys; - } - if ((stuff->which & XkbKeyAliasesMask) && (stuff->nKeyAliases > 0)) { -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, -+ tmp + (stuff->nKeyAliases * 2))) -+ return BadLength; - tmp += stuff->nKeyAliases * 2; - } - if (stuff->which & XkbRGNamesMask) { -@@ -4151,6 +4184,9 @@ _XkbSetNamesCheck(ClientPtr client, Devi - client->errorValue = _XkbErrCode2(0x0d, stuff->nRadioGroups); - return BadValue; - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, -+ tmp + stuff->nRadioGroups)) -+ return BadLength; - tmp = _XkbCheckAtoms(tmp, stuff->nRadioGroups, client->swapped, &bad); - if (!tmp) { - client->errorValue = bad; -@@ -4344,6 +4380,8 @@ ProcXkbSetNames(ClientPtr client) - /* check device-independent stuff */ - tmp = (CARD32 *) &stuff[1]; - -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) -+ return BadLength; - if (stuff->which & XkbKeycodesNameMask) { - tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); - if (!tmp) { -@@ -4351,6 +4389,8 @@ ProcXkbSetNames(ClientPtr client) - return BadAtom; - } - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) -+ return BadLength; - if (stuff->which & XkbGeometryNameMask) { - tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); - if (!tmp) { -@@ -4358,6 +4398,8 @@ ProcXkbSetNames(ClientPtr client) - return BadAtom; - } - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) -+ return BadLength; - if (stuff->which & XkbSymbolsNameMask) { - tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); - if (!tmp) { -@@ -4365,6 +4407,8 @@ ProcXkbSetNames(ClientPtr client) - return BadAtom; - } - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) -+ return BadLength; - if (stuff->which & XkbPhysSymbolsNameMask) { - tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); - if (!tmp) { -@@ -4372,6 +4416,8 @@ ProcXkbSetNames(ClientPtr client) - return BadAtom; - } - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) -+ return BadLength; - if (stuff->which & XkbTypesNameMask) { - tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); - if (!tmp) { -@@ -4379,6 +4425,8 @@ ProcXkbSetNames(ClientPtr client) - return BadAtom; - } - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) -+ return BadLength; - if (stuff->which & XkbCompatNameMask) { - tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); - if (!tmp) { diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch deleted file mode 100644 index 4994a21d33..0000000000 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch +++ /dev/null @@ -1,36 +0,0 @@ -From c940cc8b6c0a2983c1ec974f1b3f019795dd4cff Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb <matthieu@herrb.eu> -Date: Tue, 18 Aug 2020 14:49:04 +0200 -Subject: [PATCH] Fix XIChangeHierarchy() integer underflow - -CVE-2020-14346 / ZDI-CAN-11429 - -This vulnerability was discovered by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> - -Upstream-Status: Backport -[https://gitlab.freedesktop.org/xorg/xserver/-/commit/c940cc8b6c0a2983c1ec974f1b3f019795dd4cff] -CVE: CVE-2020-14346 -Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> ---- - Xi/xichangehierarchy.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Xi/xichangehierarchy.c b/Xi/xichangehierarchy.c -index cbdd91258..504defe56 100644 ---- a/Xi/xichangehierarchy.c -+++ b/Xi/xichangehierarchy.c -@@ -423,7 +423,7 @@ ProcXIChangeHierarchy(ClientPtr client) - if (!stuff->num_changes) - return rc; - -- len = ((size_t)stuff->length << 2) - sizeof(xXIChangeHierarchyReq); -+ len = ((size_t)client->req_len << 2) - sizeof(xXIChangeHierarchyReq); - - any = (xXIAnyHierarchyChangeInfo *) &stuff[1]; - while (stuff->num_changes--) { --- -2.17.1 - diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch deleted file mode 100644 index cf3f5f9417..0000000000 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch +++ /dev/null @@ -1,38 +0,0 @@ -From aac28e162e5108510065ad4c323affd6deffd816 Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb <matthieu@herrb.eu> -Date: Sat, 25 Jul 2020 19:33:50 +0200 -Subject: [PATCH] fix for ZDI-11426 - -Avoid leaking un-initalized memory to clients by zeroing the -whole pixmap on initial allocation. - -This vulnerability was discovered by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> -Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> - - -Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/aac28e162e5108510065ad4c323affd6deffd816] -CVE: CVE-2020-14347 -Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> ---- - dix/pixmap.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/dix/pixmap.c b/dix/pixmap.c -index 1186d7dbbf..5a0146bbb6 100644 ---- a/dix/pixmap.c -+++ b/dix/pixmap.c -@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize) - if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize) - return NullPixmap; - -- pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize); -+ pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize); - if (!pPixmap) - return NullPixmap; - --- -GitLab - diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14361.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14361.patch deleted file mode 100644 index 710cc3873c..0000000000 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14361.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 144849ea27230962227e62a943b399e2ab304787 Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb <matthieu@herrb.eu> -Date: Tue, 18 Aug 2020 14:52:29 +0200 -Subject: [PATCH] Fix XkbSelectEvents() integer underflow - -CVE-2020-14361 ZDI-CAN 11573 - -This vulnerability was discovered by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> - -Upstream-Status: Backport -[https://gitlab.freedesktop.org/xorg/xserver/-/commit/144849ea27230962227e62a943b399e2ab304787] -CVE: CVE-2020-14361 -Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> ---- - xkb/xkbSwap.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/xkb/xkbSwap.c b/xkb/xkbSwap.c -index 1c1ed5ff4..50cabb90e 100644 ---- a/xkb/xkbSwap.c -+++ b/xkb/xkbSwap.c -@@ -76,7 +76,7 @@ SProcXkbSelectEvents(ClientPtr client) - register unsigned bit, ndx, maskLeft, dataLeft, size; - - from.c8 = (CARD8 *) &stuff[1]; -- dataLeft = (stuff->length * 4) - SIZEOF(xkbSelectEventsReq); -+ dataLeft = (client->req_len * 4) - SIZEOF(xkbSelectEventsReq); - maskLeft = (stuff->affectWhich & (~XkbMapNotifyMask)); - for (ndx = 0, bit = 1; (maskLeft != 0); ndx++, bit <<= 1) { - if (((bit & maskLeft) == 0) || (ndx == XkbMapNotify)) --- -2.17.1 - diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch deleted file mode 100644 index 2103e9c198..0000000000 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 2902b78535ecc6821cc027351818b28a5c7fdbdc Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb <matthieu@herrb.eu> -Date: Tue, 18 Aug 2020 14:55:01 +0200 -Subject: [PATCH] Fix XRecordRegisterClients() Integer underflow - -CVE-2020-14362 ZDI-CAN-11574 - -This vulnerability was discovered by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> - -Upstream-Status: Backport -[https://gitlab.freedesktop.org/xorg/xserver/-/commit/2902b78535ecc6821cc027351818b28a5c7fdbdc] -CVE: CVE-2020-14362 -Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> ---- - record/record.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/record/record.c b/record/record.c -index f2d38c877..be154525d 100644 ---- a/record/record.c -+++ b/record/record.c -@@ -2500,7 +2500,7 @@ SProcRecordQueryVersion(ClientPtr client) - } /* SProcRecordQueryVersion */ - - static int _X_COLD --SwapCreateRegister(xRecordRegisterClientsReq * stuff) -+SwapCreateRegister(ClientPtr client, xRecordRegisterClientsReq * stuff) - { - int i; - XID *pClientID; -@@ -2510,13 +2510,13 @@ SwapCreateRegister(xRecordRegisterClientsReq * stuff) - swapl(&stuff->nRanges); - pClientID = (XID *) &stuff[1]; - if (stuff->nClients > -- stuff->length - bytes_to_int32(sz_xRecordRegisterClientsReq)) -+ client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq)) - return BadLength; - for (i = 0; i < stuff->nClients; i++, pClientID++) { - swapl(pClientID); - } - if (stuff->nRanges > -- stuff->length - bytes_to_int32(sz_xRecordRegisterClientsReq) -+ client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq) - - stuff->nClients) - return BadLength; - RecordSwapRanges((xRecordRange *) pClientID, stuff->nRanges); -@@ -2531,7 +2531,7 @@ SProcRecordCreateContext(ClientPtr client) - - swaps(&stuff->length); - REQUEST_AT_LEAST_SIZE(xRecordCreateContextReq); -- if ((status = SwapCreateRegister((void *) stuff)) != Success) -+ if ((status = SwapCreateRegister(client, (void *) stuff)) != Success) - return status; - return ProcRecordCreateContext(client); - } /* SProcRecordCreateContext */ -@@ -2544,7 +2544,7 @@ SProcRecordRegisterClients(ClientPtr client) - - swaps(&stuff->length); - REQUEST_AT_LEAST_SIZE(xRecordRegisterClientsReq); -- if ((status = SwapCreateRegister((void *) stuff)) != Success) -+ if ((status = SwapCreateRegister(client, (void *) stuff)) != Success) - return status; - return ProcRecordRegisterClients(client); - } /* SProcRecordRegisterClients */ --- -2.17.1 - diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.9.bb similarity index 78% rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.9.bb index 8c77c3756b..4f001c2d3d 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.9.bb @@ -5,16 +5,11 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://0001-test-xtest-Initialize-array-with-braces.patch \ file://sdksyms-no-build-path.patch \ file://0001-drmmode_display.c-add-missing-mi.h-include.patch \ - file://CVE-2020-14347.patch \ - file://CVE-2020-14346.patch \ - file://CVE-2020-14361.patch \ - file://CVE-2020-14362.patch \ - file://CVE-2020-14345.patch \ file://CVE-2020-14360.patch \ file://CVE-2020-25712.patch \ " -SRC_URI[md5sum] = "a770aec600116444a953ff632f51f839" -SRC_URI[sha256sum] = "d17b646bee4ba0fb7850c1cc55b18e3e8513ed5c02bdf38da7e107f84e2d0146" +SRC_URI[md5sum] = "afcae2f46d47c33863cab7fd9db7279a" +SRC_URI[sha256sum] = "e219f2e0dfe455467939149d7cd2ee53b79b512cc1d2094ae4f5c9ed9ccd3571" CFLAGS += "-fcommon" -- 2.25.1 ^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 3/7] xserver-xorg: update to 1.20.10 2022-03-30 2:27 [OE-core][dunfell 0/7] Patch review Steve Sakoman 2022-03-30 2:27 ` [OE-core][dunfell 1/7] util-linux: fix CVE-2022-0563 Steve Sakoman 2022-03-30 2:27 ` [OE-core][dunfell 2/7] xserver-xorg: update to 1.20.9 Steve Sakoman @ 2022-03-30 2:27 ` Steve Sakoman 2022-03-30 2:27 ` [OE-core][dunfell 4/7] xserver-xorg: update to 1.20.11 Steve Sakoman ` (3 subsequent siblings) 6 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2022-03-30 2:27 UTC (permalink / raw) To: openembedded-core Remove CVE patches contained in this release. Stable branch update: bc111a2e6 (tag: xorg-server-1.20.10) xserver 1.20.10 06d1a032e Check SetMap request length carefully. 7ccb3b0ea Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap overflows 440ed5948 present/wnmd: Translate update region to screen space 54f9af1c6 modesetting: keep going if a modeset fails on EnterVT bd0f53725 modesetting: check the kms state on EnterVT 5c400cae1 configure: Build hashtable for Xres and glvnd 253569a3d xwayland: Create an xwl_window for toplevel only 0811a9ff7 xwayland: non-rootless requires the wl_shell protocol b3ae038c3 glamor: Update pixmap's devKind when making it exportable d6c389cb8 os: Fix instruction pointer written in xorg_backtrace c3e4c1a0f present/wnmd: Execute copies at target_msc-1 already 96ef31e0f present/wnmd: Move up present_wnmd_queue_vblank 669e40390 present: Add present_vblank::exec_msc field dae234efd present: Move flip target_msc adjustment out of present_vblank_create 1930ed233 xwayland: Remove pending stream reference when freeing 1ac389dda xwayland: use drmGetNodeTypeFromFd for checking if a node is a render one d108c2c82 xwayland: Do not discard frame callbacks on allow commits 174cb91d8 present/wnmd: Remove dead check from present_wnmd_check_flip 51ee6e5ce xwayland: Check window pixmap in xwl_present_check_flip2 f4006d795 present/wnmd: Can't use page flipping for windows clipped by children 1e84fda20 xfree86: Take second reference for SavedCursor in xf86CursorSetCursor 8c3c8bda2 glamor: Fix glamor_poly_fill_rect_gl xRectangle::width/height handling b28c88288 include: Increase the number of max. input devices to 256. af4c84ce8 Revert "linux: Make platform device probe less fragile" 39cb95e95 Revert "linux: Fix platform device PCI detection for complex bus topologies" 4b6fce597 Revert "linux: Fix platform device probe for DT-based PCI" Signed-off-by: Steve Sakoman <steve@sakoman.com> --- .../xserver-xorg/CVE-2020-14360.patch | 132 ------------------ .../xserver-xorg/CVE-2020-25712.patch | 102 -------------- ...xorg_1.20.9.bb => xserver-xorg_1.20.10.bb} | 6 +- 3 files changed, 2 insertions(+), 238 deletions(-) delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.20.9.bb => xserver-xorg_1.20.10.bb} (84%) diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch deleted file mode 100644 index e9ab42742e..0000000000 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch +++ /dev/null @@ -1,132 +0,0 @@ -From 446ff2d3177087b8173fa779fa5b77a2a128988b Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb <matthieu@herrb.eu> -Date: Thu, 12 Nov 2020 19:15:07 +0100 -Subject: [PATCH] Check SetMap request length carefully. - -Avoid out of bounds memory accesses on too short request. - -ZDI-CAN 11572 / CVE-2020-14360 - -This vulnerability was discovered by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> - -Upstream-Status: Backport -https://gitlab.freedesktop.org/xorg/xserver/-/commit/446ff2d3177087b8173fa779fa5b77a2a128988b -CVE: CVE-2020-14360 -Signed-off-by: Armin Kuster <akuster@mvista.com> ---- - xkb/xkb.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 92 insertions(+) - -Index: xorg-server-1.20.8/xkb/xkb.c -=================================================================== ---- xorg-server-1.20.8.orig/xkb/xkb.c -+++ xorg-server-1.20.8/xkb/xkb.c -@@ -2382,6 +2382,93 @@ SetVirtualModMap(XkbSrvInfoPtr xkbi, - return (char *) wire; - } - -+#define _add_check_len(new) \ -+ if (len > UINT32_MAX - (new) || len > req_len - (new)) goto bad; \ -+ else len += new -+ -+/** -+ * Check the length of the SetMap request -+ */ -+static int -+_XkbSetMapCheckLength(xkbSetMapReq *req) -+{ -+ size_t len = sz_xkbSetMapReq, req_len = req->length << 2; -+ xkbKeyTypeWireDesc *keytype; -+ xkbSymMapWireDesc *symmap; -+ BOOL preserve; -+ int i, map_count, nSyms; -+ -+ if (req_len < len) -+ goto bad; -+ /* types */ -+ if (req->present & XkbKeyTypesMask) { -+ keytype = (xkbKeyTypeWireDesc *)(req + 1); -+ for (i = 0; i < req->nTypes; i++) { -+ _add_check_len(XkbPaddedSize(sz_xkbKeyTypeWireDesc)); -+ if (req->flags & XkbSetMapResizeTypes) { -+ _add_check_len(keytype->nMapEntries -+ * sz_xkbKTSetMapEntryWireDesc); -+ preserve = keytype->preserve; -+ map_count = keytype->nMapEntries; -+ if (preserve) { -+ _add_check_len(map_count * sz_xkbModsWireDesc); -+ } -+ keytype += 1; -+ keytype = (xkbKeyTypeWireDesc *) -+ ((xkbKTSetMapEntryWireDesc *)keytype + map_count); -+ if (preserve) -+ keytype = (xkbKeyTypeWireDesc *) -+ ((xkbModsWireDesc *)keytype + map_count); -+ } -+ } -+ } -+ /* syms */ -+ if (req->present & XkbKeySymsMask) { -+ symmap = (xkbSymMapWireDesc *)((char *)req + len); -+ for (i = 0; i < req->nKeySyms; i++) { -+ _add_check_len(sz_xkbSymMapWireDesc); -+ nSyms = symmap->nSyms; -+ _add_check_len(nSyms*sizeof(CARD32)); -+ symmap += 1; -+ symmap = (xkbSymMapWireDesc *)((CARD32 *)symmap + nSyms); -+ } -+ } -+ /* actions */ -+ if (req->present & XkbKeyActionsMask) { -+ _add_check_len(req->totalActs * sz_xkbActionWireDesc -+ + XkbPaddedSize(req->nKeyActs)); -+ } -+ /* behaviours */ -+ if (req->present & XkbKeyBehaviorsMask) { -+ _add_check_len(req->totalKeyBehaviors * sz_xkbBehaviorWireDesc); -+ } -+ /* vmods */ -+ if (req->present & XkbVirtualModsMask) { -+ _add_check_len(XkbPaddedSize(Ones(req->virtualMods))); -+ } -+ /* explicit */ -+ if (req->present & XkbExplicitComponentsMask) { -+ /* two bytes per non-zero explicit componen */ -+ _add_check_len(XkbPaddedSize(req->totalKeyExplicit * sizeof(CARD16))); -+ } -+ /* modmap */ -+ if (req->present & XkbModifierMapMask) { -+ /* two bytes per non-zero modmap component */ -+ _add_check_len(XkbPaddedSize(req->totalModMapKeys * sizeof(CARD16))); -+ } -+ /* vmodmap */ -+ if (req->present & XkbVirtualModMapMask) { -+ _add_check_len(req->totalVModMapKeys * sz_xkbVModMapWireDesc); -+ } -+ if (len == req_len) -+ return Success; -+bad: -+ ErrorF("[xkb] BOGUS LENGTH in SetMap: expected %ld got %ld\n", -+ len, req_len); -+ return BadLength; -+} -+ -+ - /** - * Check if the given request can be applied to the given device but don't - * actually do anything.. -@@ -2639,6 +2726,11 @@ ProcXkbSetMap(ClientPtr client) - CHK_KBD_DEVICE(dev, stuff->deviceSpec, client, DixManageAccess); - CHK_MASK_LEGAL(0x01, stuff->present, XkbAllMapComponentsMask); - -+ /* first verify the request length carefully */ -+ rc = _XkbSetMapCheckLength(stuff); -+ if (rc != Success) -+ return rc; -+ - tmp = (char *) &stuff[1]; - - /* Check if we can to the SetMap on the requested device. If this diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch deleted file mode 100644 index f39f6b32b1..0000000000 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch +++ /dev/null @@ -1,102 +0,0 @@ -From 87c64fc5b0db9f62f4e361444f4b60501ebf67b9 Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb <matthieu@herrb.eu> -Date: Sun, 11 Oct 2020 17:05:09 +0200 -Subject: [PATCH] Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap - overflows - -ZDI-CAN 11389 / CVE-2020-25712 - -This vulnerability was discovered by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> - -Upstream-Status: Backport -https://gitlab.freedesktop.org/xorg/xserver/-/commit/87c64fc5b0db9f62f4e361444f4b60501ebf67b9 -CVE: CVE-2020-25712 -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - xkb/xkb.c | 26 +++++++++++++++++++++++--- - 1 file changed, 23 insertions(+), 3 deletions(-) - -Index: xorg-server-1.20.8/xkb/xkb.c -=================================================================== ---- xorg-server-1.20.8.orig/xkb/xkb.c -+++ xorg-server-1.20.8/xkb/xkb.c -@@ -6625,7 +6625,9 @@ SetDeviceIndicators(char *wire, - unsigned changed, - int num, - int *status_rtrn, -- ClientPtr client, xkbExtensionDeviceNotify * ev) -+ ClientPtr client, -+ xkbExtensionDeviceNotify * ev, -+ xkbSetDeviceInfoReq * stuff) - { - xkbDeviceLedsWireDesc *ledWire; - int i; -@@ -6646,6 +6648,11 @@ SetDeviceIndicators(char *wire, - xkbIndicatorMapWireDesc *mapWire; - XkbSrvLedInfoPtr sli; - -+ if (!_XkbCheckRequestBounds(client, stuff, ledWire, ledWire + 1)) { -+ *status_rtrn = BadLength; -+ return (char *) ledWire; -+ } -+ - namec = mapc = statec = 0; - sli = XkbFindSrvLedInfo(dev, ledWire->ledClass, ledWire->ledID, - XkbXI_IndicatorMapsMask); -@@ -6664,6 +6671,10 @@ SetDeviceIndicators(char *wire, - memset((char *) sli->names, 0, XkbNumIndicators * sizeof(Atom)); - for (n = 0, bit = 1; n < XkbNumIndicators; n++, bit <<= 1) { - if (ledWire->namesPresent & bit) { -+ if (!_XkbCheckRequestBounds(client, stuff, atomWire, atomWire + 1)) { -+ *status_rtrn = BadLength; -+ return (char *) atomWire; -+ } - sli->names[n] = (Atom) *atomWire; - if (sli->names[n] == None) - ledWire->namesPresent &= ~bit; -@@ -6681,6 +6692,10 @@ SetDeviceIndicators(char *wire, - if (ledWire->mapsPresent) { - for (n = 0, bit = 1; n < XkbNumIndicators; n++, bit <<= 1) { - if (ledWire->mapsPresent & bit) { -+ if (!_XkbCheckRequestBounds(client, stuff, mapWire, mapWire + 1)) { -+ *status_rtrn = BadLength; -+ return (char *) mapWire; -+ } - sli->maps[n].flags = mapWire->flags; - sli->maps[n].which_groups = mapWire->whichGroups; - sli->maps[n].groups = mapWire->groups; -@@ -6760,7 +6775,7 @@ _XkbSetDeviceInfoCheck(ClientPtr client, - ed.deviceID = dev->id; - wire = (char *) &stuff[1]; - if (stuff->change & XkbXI_ButtonActionsMask) { -- int nBtns, sz, i; -+ int nBtns, sz, i; - XkbAction *acts; - DeviceIntPtr kbd; - -@@ -6772,7 +6787,11 @@ _XkbSetDeviceInfoCheck(ClientPtr client, - return BadAlloc; - dev->button->xkb_acts = acts; - } -+ if (stuff->firstBtn + stuff->nBtns > nBtns) -+ return BadValue; - sz = stuff->nBtns * SIZEOF(xkbActionWireDesc); -+ if (!_XkbCheckRequestBounds(client, stuff, wire, (char *) wire + sz)) -+ return BadLength; - memcpy((char *) &acts[stuff->firstBtn], (char *) wire, sz); - wire += sz; - ed.reason |= XkbXI_ButtonActionsMask; -@@ -6793,7 +6812,8 @@ _XkbSetDeviceInfoCheck(ClientPtr client, - int status = Success; - - wire = SetDeviceIndicators(wire, dev, stuff->change, -- stuff->nDeviceLedFBs, &status, client, &ed); -+ stuff->nDeviceLedFBs, &status, client, &ed, -+ stuff); - if (status != Success) - return status; - } diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.9.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb similarity index 84% rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.9.bb rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb index 4f001c2d3d..4d368a8b5a 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.9.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb @@ -5,11 +5,9 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://0001-test-xtest-Initialize-array-with-braces.patch \ file://sdksyms-no-build-path.patch \ file://0001-drmmode_display.c-add-missing-mi.h-include.patch \ - file://CVE-2020-14360.patch \ - file://CVE-2020-25712.patch \ " -SRC_URI[md5sum] = "afcae2f46d47c33863cab7fd9db7279a" -SRC_URI[sha256sum] = "e219f2e0dfe455467939149d7cd2ee53b79b512cc1d2094ae4f5c9ed9ccd3571" +SRC_URI[md5sum] = "8cf8bd1f33e3736bc8dd279b20a32399" +SRC_URI[sha256sum] = "977420c082450dc808de301ef56af4856d653eea71519a973c3490a780cb7c99" CFLAGS += "-fcommon" -- 2.25.1 ^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 4/7] xserver-xorg: update to 1.20.11 2022-03-30 2:27 [OE-core][dunfell 0/7] Patch review Steve Sakoman ` (2 preceding siblings ...) 2022-03-30 2:27 ` [OE-core][dunfell 3/7] xserver-xorg: update to 1.20.10 Steve Sakoman @ 2022-03-30 2:27 ` Steve Sakoman 2022-03-30 2:27 ` [OE-core][dunfell 5/7] xserver-xorg: update to 1.20.12 Steve Sakoman ` (2 subsequent siblings) 6 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2022-03-30 2:27 UTC (permalink / raw) To: openembedded-core Fixes CVE-2021-3472 Stable branch update: 6b767cdf6 (tag: xorg-server-1.20.11) xserver 1.20.11 a1a1aa2c1 Fix XChangeFeedbackControl() request underflow 8890c44a7 xquartz: Remove a check for NSAppKitVersionNumber >= NSAppKitVersionNumber10_7 3c3680c36 xquartz: Don't include strndup.c any more since we no longer support 10.8 and older e1fdc856a xquartz: Add a launch trampoline to better integrate with modern versions of macOS 8f8e9c53e xquartz: Don't process AppKit events if we haven't finished initializing aa6f84021 xquartz: Allocate each fbconfig separately 7aa51bb57 xquartz: Fix a compiler warning about const incompatible pointer assignment d751c46bd xquartz: Fix build with sparkle enabled 03c2e12a8 xquartz: Silence a compiler warning about missing internal methods on NSApplication fcbd57367 xquartz: Rewrite Window menu handling to not depend on X11App.windowsMenu.numberOfItems being correct in -awakeFromNib b27c6602b xquartz: Convert X11Controller ivars into @properties 625c7e4de xquartz: Convert X11Application ivars into @properties 3017fec60 xquartz: Fold quartzCommon.h into quartz.h bdaff44f9 xquartz: Fold away some unnecessary hops to X11Controller through X11Application 7d22031a6 xquartz: Fold away array_with_strings_and_numbers and simplify with more modern Objective-C 937b63ff4 xqaurtz: Remove message_kit_thread() and use dispatch instead e531d3a4c xquartz: Use objc_autoreleasePoolPush / objc_autoreleasePoolPop directly in QuartzBlockHandler 08cf6c90f xquartz: Minor code modernization -- @autoreleasepool adoption 26e0c59a9 xquartz: Remove some dead code for compatibility with older nibs 2853f3896 xquartz: Remove a workaround for AppKit versions older than Lion 1edc9b980 xquartz: Apply spell check fixes from master for easier cherry-picking of changes in xquartz 67f25cc18 xquartz: Fix applications menu table background color for dark mode 4028c2ad1 xquartz: Apply Xcode 12.4 automatic updates to nibs ff1c8e2f7 xquartz: Update the about box copyright to 2021 a16df6028 xquartz: Ensure we call into TIS on the main thread 2087b7782 xquartz: Ensure that NSRunAlertPanel() is run on the main thread 2fe5bf4ba xquartz: Remove support for older versions of libXplugin bc1a2a0d8 xquartz: Remove unused include of AvailabilityMacros.h from various sources 393da8b43 xquartz: Remove support for building for i386 43aaa1093 xquartz: Remove support for Mountain Lion and earlier versions of macOS fb492686d xquartz: Remove support for Lion and earlier versions of macOS 34784415a xquartz: Remove support for SnowLeopard and earlier versions of macOS d3f81ecaf xquartz: Remove check for libdispatch now that we don't support pre-SnowLeopard 739c5bd32 xquartz: Remove support for Leopard and earlier versions of macOS 2d7eb8249 xquartz: Remove support for Tiger and earlier versions of macOS 080f9eb76 os: Remove support for Tiger and earlier versions of macOS be9d2fd87 xquartz: Remove support for Panther and earlier versions of macOS d39eb5840 Fix typo "XQaurtz" in Xquartz.man 1f2b73176 XQuartz: recognize F16-F20 and Menu keys ecc4ebf53 xquartz: Add stub ddxInputThread() f5df31c76 meson.build: KMS support also depends on dri2 b09f5f42d xwayland: Replace LogMessage with LogMessageVerb c17872d50 xkb: Fix heap overflow caused by optimized away min. Signed-off-by: Steve Sakoman <steve@sakoman.com> --- .../{xserver-xorg_1.20.10.bb => xserver-xorg_1.20.11.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.20.10.bb => xserver-xorg_1.20.11.bb} (89%) diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.11.bb similarity index 89% rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.11.bb index 4d368a8b5a..b800167af9 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.11.bb @@ -6,8 +6,8 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://sdksyms-no-build-path.patch \ file://0001-drmmode_display.c-add-missing-mi.h-include.patch \ " -SRC_URI[md5sum] = "8cf8bd1f33e3736bc8dd279b20a32399" -SRC_URI[sha256sum] = "977420c082450dc808de301ef56af4856d653eea71519a973c3490a780cb7c99" +SRC_URI[md5sum] = "a22ccd74a5eee721cad6805e489c7144" +SRC_URI[sha256sum] = "914c796e3ffabe1af48071d40ccc85e92117c97a9082ed1df29e4d64e3c34c49" CFLAGS += "-fcommon" -- 2.25.1 ^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 5/7] xserver-xorg: update to 1.20.12 2022-03-30 2:27 [OE-core][dunfell 0/7] Patch review Steve Sakoman ` (3 preceding siblings ...) 2022-03-30 2:27 ` [OE-core][dunfell 4/7] xserver-xorg: update to 1.20.11 Steve Sakoman @ 2022-03-30 2:27 ` Steve Sakoman 2022-03-30 2:27 ` [OE-core][dunfell 6/7] xserver-xorg: update to 1.20.13 Steve Sakoman 2022-03-30 2:27 ` [OE-core][dunfell 7/7] xserver-xorg: update to 1.20.14 Steve Sakoman 6 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2022-03-30 2:27 UTC (permalink / raw) To: openembedded-core Stable branch update: b88ad0b34 (tag: xorg-server-1.20.12) xserver 1.20.12 8dea50223 Build xz tarballs instead of bzip2 b7adbac7d hw/dmx/config: Link directly with libdmxconfig.a e49738f0c xfree86: Fix NULL pointer dereference crash 9a59631a4 glx: Fix use after free in MakeCurrent 1fc0ca6e6 xfree86: Fix out of array bound access to xf86Entities a4210fe07 xfree86: Change displays array to pointers array to fix invalid pointer issues after table reallocation 22449f630 glamor: Avoid using GL_QUADS on V3D d16f64031 modesetting: Fix possible_crtcs f1e76731a modesetting: Update props for dynamically added outputs 7bf477711 xquartz: Ensure the mouse pointer is shown when switching to a native macOS alert or window 3ef6e7b76 xquartz: Fix appFlags build failure with macOS 10.15+ SDKs 2a83c840c glx: Set ContextTag for all contexts 394b6cc1c glx: don't create implicit GLXWindow if one already exists 0086535e7 modesetting: Remove few common functions from ms namespace 321964443 modesetting: remove unnecessary ms_covering_xf86_crtc dup of ms_covering_randr_crtc 52eb801d0 modesetting: Find crtc on slave outputs as fallback instead of returning primary crtc c7a2da7b9 present: fix msc offset calculation in screen mode 31544e68e present: Use crtc's screen present operation for syncing 464cbee1c modesetting: Initialize present extension despite glamor is disabled 4e11bd390 modesetting: Disable reverse prime offload mode for displays running on evdi,udl 627252933 dix: Guard against non-existing PtrFeedbackPtr d41b43345 xwayland: Add PtrFeedback to the touch device 23a53f0d5 glx: fixup symbol name for get_extensions function Signed-off-by: Steve Sakoman <steve@sakoman.com> --- meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | 2 +- .../{xserver-xorg_1.20.11.bb => xserver-xorg_1.20.12.bb} | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.20.11.bb => xserver-xorg_1.20.12.bb} (89%) diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc index c891211c40..ce57982a7d 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc @@ -16,7 +16,7 @@ PE = "2" INC_PR = "r8" XORG_PN = "xorg-server" -SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.bz2" +SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.gz" CVE_PRODUCT = "xorg-server x_server" # This is specific to Debian's xserver-wrapper.c diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.11.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.12.bb similarity index 89% rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.11.bb rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.12.bb index b800167af9..2b326082d0 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.11.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.12.bb @@ -6,8 +6,8 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://sdksyms-no-build-path.patch \ file://0001-drmmode_display.c-add-missing-mi.h-include.patch \ " -SRC_URI[md5sum] = "a22ccd74a5eee721cad6805e489c7144" -SRC_URI[sha256sum] = "914c796e3ffabe1af48071d40ccc85e92117c97a9082ed1df29e4d64e3c34c49" +SRC_URI[md5sum] = "8775d8c22de768107978202fcf240e2e" +SRC_URI[sha256sum] = "71687561262e4527a7ef779193725416f70c3e0424daaa9a6617bd37dc7701bb" CFLAGS += "-fcommon" -- 2.25.1 ^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 6/7] xserver-xorg: update to 1.20.13 2022-03-30 2:27 [OE-core][dunfell 0/7] Patch review Steve Sakoman ` (4 preceding siblings ...) 2022-03-30 2:27 ` [OE-core][dunfell 5/7] xserver-xorg: update to 1.20.12 Steve Sakoman @ 2022-03-30 2:27 ` Steve Sakoman 2022-03-30 2:27 ` [OE-core][dunfell 7/7] xserver-xorg: update to 1.20.14 Steve Sakoman 6 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2022-03-30 2:27 UTC (permalink / raw) To: openembedded-core Stable branch update: 86a72cb19 (tag: xorg-server-1.20.13) xserver 1.20.13 f85e4edba modesetting: unflip not possible when glamor is not set b03d7184b present: fallback get_crtc to return crtc belonging to screen with present extension Signed-off-by: Steve Sakoman <steve@sakoman.com> --- .../{xserver-xorg_1.20.12.bb => xserver-xorg_1.20.13.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.20.12.bb => xserver-xorg_1.20.13.bb} (89%) diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.12.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.13.bb similarity index 89% rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.12.bb rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.13.bb index 2b326082d0..424d81add9 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.12.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.13.bb @@ -6,8 +6,8 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://sdksyms-no-build-path.patch \ file://0001-drmmode_display.c-add-missing-mi.h-include.patch \ " -SRC_URI[md5sum] = "8775d8c22de768107978202fcf240e2e" -SRC_URI[sha256sum] = "71687561262e4527a7ef779193725416f70c3e0424daaa9a6617bd37dc7701bb" +SRC_URI[md5sum] = "1724c6efe8599fb0dc6c69c5f268de71" +SRC_URI[sha256sum] = "26f801f4d92216995f389873cf3b4e90069cf63e94bc5dd09ebbf7fd7e1ddcc2" CFLAGS += "-fcommon" -- 2.25.1 ^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 7/7] xserver-xorg: update to 1.20.14 2022-03-30 2:27 [OE-core][dunfell 0/7] Patch review Steve Sakoman ` (5 preceding siblings ...) 2022-03-30 2:27 ` [OE-core][dunfell 6/7] xserver-xorg: update to 1.20.13 Steve Sakoman @ 2022-03-30 2:27 ` Steve Sakoman 6 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2022-03-30 2:27 UTC (permalink / raw) To: openembedded-core Fixes: CVE-2021-4008 CVE-2021-4009 CVE-2021-4010 CVE-2021-4011 Stable branch update: 97c5b7777 (HEAD -> server-1.20-branch, tag: xorg-server-1.20.14, origin/server-1.20-branch) xserver 1.20.14 35b4681c7 render: Fix out of bounds access in SProcRenderCompositeGlyphs() 67425fcab Xext: Fix out of bounds access in SProcScreenSaverSuspend() 6bb8aeb30 xfixes: Fix out of bounds access in *ProcXFixesCreatePointerBarrier() acc50e609 record: Fix out of bounds access in SwapCreateRegister() 5ff3310b6 modesetting: Allow Present flips with mismatched stride on atomic drivers. 574fe59ef Fix RandR leasing for more than 1 simultaneously active lease. Signed-off-by: Steve Sakoman <steve@sakoman.com> --- .../{xserver-xorg_1.20.13.bb => xserver-xorg_1.20.14.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.20.13.bb => xserver-xorg_1.20.14.bb} (89%) diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.13.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb similarity index 89% rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.13.bb rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb index 424d81add9..d176f390a4 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.13.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb @@ -6,8 +6,8 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://sdksyms-no-build-path.patch \ file://0001-drmmode_display.c-add-missing-mi.h-include.patch \ " -SRC_URI[md5sum] = "1724c6efe8599fb0dc6c69c5f268de71" -SRC_URI[sha256sum] = "26f801f4d92216995f389873cf3b4e90069cf63e94bc5dd09ebbf7fd7e1ddcc2" +SRC_URI[md5sum] = "453fc86aac8c629b3a5b77e8dcca30bf" +SRC_URI[sha256sum] = "54b199c9280ff8bf0f73a54a759645bd0eeeda7255d1c99310d5b7595f3ac066" CFLAGS += "-fcommon" -- 2.25.1 ^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 0/7] Patch review @ 2024-04-03 3:11 Steve Sakoman 0 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2024-04-03 3:11 UTC (permalink / raw) To: openembedded-core Please review this set of changes for dunfell and have comments back by end of day Thursday, April 4 Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6757 The following changes since commit d0811b98fa3847dbbfcfe6a80694509bb29aaf9c: yocto-uninative: Update to 4.4 for glibc 2.39 (2024-03-18 11:44:32 -1000) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut Steve Sakoman (2): tar: bump PR to deal with sstate corruption on autobuilder perf: bump PR to deal with sstate corruption on autobuilder Vijay Anusuri (4): libtiff: backport Debian patch for CVE-2023-6277 & CVE-2023-52356 go: Fix for CVE-2023-45289 CVE-2023-45290 & CVE-2024-24785 tar: Fix for CVE-2023-39804 curl: backport Debian patch for CVE-2024-2398 virendra thakur (1): openssl: Fix CVE-2024-0727 .../openssl/openssl/CVE-2024-0727.patch | 122 ++++++++ .../openssl/openssl_1.1.1w.bb | 1 + meta/recipes-devtools/go/go-1.14.inc | 3 + .../go/go-1.14/CVE-2023-45289.patch | 121 ++++++++ .../go/go-1.14/CVE-2023-45290.patch | 271 ++++++++++++++++++ .../go/go-1.14/CVE-2024-24785.patch | 197 +++++++++++++ .../tar/tar/CVE-2023-39804.patch | 64 +++++ meta/recipes-extended/tar/tar_1.32.bb | 3 + meta/recipes-kernel/perf/perf.bb | 2 +- .../libtiff/files/CVE-2023-52356.patch | 53 ++++ .../libtiff/files/CVE-2023-6277-1.patch | 191 ++++++++++++ .../libtiff/files/CVE-2023-6277-2.patch | 152 ++++++++++ .../libtiff/files/CVE-2023-6277-3.patch | 46 +++ .../libtiff/files/CVE-2023-6277-4.patch | 94 ++++++ meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 5 + .../curl/curl/CVE-2024-2398.patch | 88 ++++++ meta/recipes-support/curl/curl_7.69.1.bb | 1 + 17 files changed, 1413 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-0727.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45289.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45290.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2024-24785.patch create mode 100644 meta/recipes-extended/tar/tar/CVE-2023-39804.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-52356.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6277-1.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6277-2.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6277-3.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6277-4.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2024-2398.patch -- 2.34.1 ^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][dunfell 0/7] Patch review
@ 2024-02-13 21:43 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2024-02-13 21:43 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for dunfell and have comments back by
end of day Thursday, February 15
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6564
The following changes since commit 18ae4fea4bf8681f9138d21124589918e336ff6b:
systemtap: Fix build with gcc-12 (2024-01-25 03:58:24 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Matthias Schmitz (1):
rsync: Fix rsync hanging when used with --relative
Ming Liu (1):
go: add a complementary fix for CVE-2023-29406
Peter Marko (1):
curl: ignore CVE-2023-42915
Vijay Anusuri (1):
ghostscript: Backport fix for CVE-2020-36773
Zahir Hussain (1):
cmake: Unset CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES
virendra thakur (2):
perl: Whitelist CVE-2023-47039
ncurses: Fix CVE-2023-29491
.../ncurses/files/CVE-2023-29491.patch | 45 +++++++
meta/recipes-core/ncurses/ncurses_6.2.bb | 3 +-
.../cmake/cmake/OEToolchainConfig.cmake | 3 +
meta/recipes-devtools/go/go-1.14.inc | 3 +-
...023-29406.patch => CVE-2023-29406-1.patch} | 0
.../go/go-1.14/CVE-2023-29406-2.patch | 114 ++++++++++++++++++
meta/recipes-devtools/perl/perl_5.30.1.bb | 4 +
...lative-when-copying-an-absolute-path.patch | 31 +++++
meta/recipes-devtools/rsync/rsync_3.1.3.bb | 1 +
.../ghostscript/CVE-2020-36773.patch | 109 +++++++++++++++++
.../ghostscript/ghostscript_9.52.bb | 1 +
meta/recipes-support/curl/curl_7.69.1.bb | 3 +
12 files changed, 315 insertions(+), 2 deletions(-)
create mode 100644 meta/recipes-core/ncurses/files/CVE-2023-29491.patch
rename meta/recipes-devtools/go/go-1.14/{CVE-2023-29406.patch => CVE-2023-29406-1.patch} (100%)
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-29406-2.patch
create mode 100644 meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2020-36773.patch
--
2.34.1
^ permalink raw reply [flat|nested] 22+ messages in thread* [OE-core][dunfell 0/7] Patch review @ 2023-09-26 14:12 Steve Sakoman 0 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2023-09-26 14:12 UTC (permalink / raw) To: openembedded-core Please review this set of changes for dunfell and have comments back by end of day Thursday, September 28 Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5947 The following changes since commit 8b91c463fb3546836789e1890b3c68acf69c162a: build-appliance-image: Update to dunfell head revision (2023-09-16 11:16:49 -1000) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut Archana Polampalli (1): vim: upgrade 9.0.1592 -> 9.0.1664 Michael Opdenacker (1): flac: fix CVE-2020-22219 Richard Purdie (1): vim: Upgrade 9.0.1664 -> 9.0.1894 Ross Burton (1): gcc: Fix -fstack-protector issue on aarch64 Siddharth Doshi (2): gdb: Fix CVE-2023-39128 libxml2: Fix CVE-2023-39615 Vijay Anusuri (1): go: Backport fix for CVE-2022-41725 and CVE-2023-24536 .../libxml/libxml2/CVE-2023-39615-0001.patch | 36 + .../libxml/libxml2/CVE-2023-39615-0002.patch | 71 + .../libxml/libxml2/CVE-2023-39615-pre.patch | 44 + meta/recipes-core/libxml/libxml2_2.9.10.bb | 3 + meta/recipes-devtools/gcc/gcc-9.5.inc | 1 + .../gcc/gcc-9.5/CVE-2023-4039.patch | 1506 +++++++++++++++++ meta/recipes-devtools/gdb/gdb-9.1.inc | 1 + .../gdb/gdb/0012-CVE-2023-39128.patch | 75 + meta/recipes-devtools/go/go-1.14.inc | 7 + .../go/go-1.14/CVE-2022-41725-pre1.patch | 85 + .../go/go-1.14/CVE-2022-41725-pre2.patch | 97 ++ .../go/go-1.14/CVE-2022-41725-pre3.patch | 98 ++ .../go/go-1.14/CVE-2022-41725.patch | 660 ++++++++ .../go/go-1.14/CVE-2023-24536_1.patch | 134 ++ .../go/go-1.14/CVE-2023-24536_2.patch | 184 ++ .../go/go-1.14/CVE-2023-24536_3.patch | 349 ++++ .../flac/files/CVE-2020-22219.patch | 197 +++ meta/recipes-multimedia/flac/flac_1.3.3.bb | 1 + meta/recipes-support/vim/vim.inc | 6 +- 19 files changed, 3552 insertions(+), 3 deletions(-) create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-0001.patch create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-0002.patch create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-pre.patch create mode 100644 meta/recipes-devtools/gcc/gcc-9.5/CVE-2023-4039.patch create mode 100644 meta/recipes-devtools/gdb/gdb/0012-CVE-2023-39128.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre1.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre2.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre3.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24536_1.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24536_2.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24536_3.patch create mode 100644 meta/recipes-multimedia/flac/files/CVE-2020-22219.patch -- 2.34.1 ^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][dunfell 0/7] Patch review
@ 2023-05-11 21:28 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2023-05-11 21:28 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by
end of day Monday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5294
The following changes since commit fd4cc8d7b5156c43d162a1a5a809fae507457ef4:
build-appliance-image: Update to dunfell head revision (2023-05-03 12:29:24 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Arturo Buzarra (1):
run-postinsts: Set dependency for ldconfig to avoid boot issues
Ashish Sharma (1):
connman: Fix CVE-2023-28488 DoS in client.c
Peter Marko (1):
libxml2: patch CVE-2023-28484 and CVE-2023-29469
Ranjitsinh Rathod (1):
libbsd: Add correct license for all packages
Shubham Kulkarni (1):
go: Security fix for CVE-2023-24538
Vivek Kumbhar (1):
freetype: fix CVE-2023-2004 integer overflowin in
tt_hvadvance_adjust() in src/truetype/ttgxvar.c
Yoann Congal (1):
linux-yocto: Exclude 294 CVEs already fixed upstream
.../connman/connman/CVE-2023-28488.patch | 54 +
.../connman/connman_1.37.bb | 1 +
.../libxml/libxml2/CVE-2023-28484.patch | 79 +
.../libxml/libxml2/CVE-2023-29469.patch | 42 +
meta/recipes-core/libxml/libxml2_2.9.10.bb | 2 +
meta/recipes-devtools/go/go-1.14.inc | 3 +
.../go/go-1.14/CVE-2023-24538-1.patch | 125 ++
.../go/go-1.14/CVE-2023-24538-2.patch | 196 ++
.../go/go-1.14/CVE-2023-24538-3.patch | 208 ++
.../run-postinsts/run-postinsts.service | 2 +-
.../freetype/freetype/CVE-2023-2004.patch | 40 +
.../freetype/freetype_2.10.1.bb | 1 +
meta/recipes-kernel/linux/cve-exclusion.inc | 1840 +++++++++++++++++
meta/recipes-kernel/linux/linux-yocto.inc | 3 +
meta/recipes-support/libbsd/libbsd_0.10.0.bb | 6 +
15 files changed, 2601 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2023-28488.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24538-1.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24538-2.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24538-3.patch
create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch
create mode 100644 meta/recipes-kernel/linux/cve-exclusion.inc
--
2.34.1
^ permalink raw reply [flat|nested] 22+ messages in thread* [OE-core][dunfell 0/7] Patch review @ 2023-04-22 15:57 Steve Sakoman 0 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2023-04-22 15:57 UTC (permalink / raw) To: openembedded-core Please review this set of patches for dunfell and have comments back by end of day Tuesday. Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5210 The following changes since commit 9aefb4e46cf4fbf14b46f9adaf3771854553e7f3: curl: CVE-2023-27534 SFTP path ~ resolving discrepancy (2023-04-14 07:14:33 -1000) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut Hitendra Prajapati (2): curl: CVE-2023-27538 fix SSH connection too eager reuse screen: CVE-2023-24626 allows sending SIGHUP to arbitrary PIDs Peter Marko (1): go: ignore CVE-2022-41716 Shubham Kulkarni (2): go-runtime: Security fix for CVE-2022-41722 go: Security fix for CVE-2020-29510 Vivek Kumbhar (1): go: fix CVE-2023-24537 Infinite loop in parsing rajmohan r (1): systemd: Fix CVE-2023-26604 .../systemd/systemd/CVE-2023-26604-1.patch | 115 ++++++++ .../systemd/systemd/CVE-2023-26604-2.patch | 264 ++++++++++++++++++ .../systemd/systemd/CVE-2023-26604-3.patch | 182 ++++++++++++ .../systemd/systemd/CVE-2023-26604-4.patch | 32 +++ meta/recipes-core/systemd/systemd_244.5.bb | 4 + meta/recipes-devtools/go/go-1.14.inc | 7 + .../go/go-1.14/CVE-2020-29510.patch | 65 +++++ .../go/go-1.14/CVE-2022-41722-1.patch | 53 ++++ .../go/go-1.14/CVE-2022-41722-2.patch | 104 +++++++ .../go/go-1.14/CVE-2023-24537.patch | 76 +++++ .../screen/screen/CVE-2023-24626.patch | 40 +++ meta/recipes-extended/screen/screen_4.8.0.bb | 1 + .../curl/curl/CVE-2023-27538.patch | 31 ++ meta/recipes-support/curl/curl_7.69.1.bb | 1 + 14 files changed, 975 insertions(+) create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-26604-1.patch create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-26604-2.patch create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-26604-3.patch create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-26604-4.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2020-29510.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41722-1.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41722-2.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24537.patch create mode 100644 meta/recipes-extended/screen/screen/CVE-2023-24626.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27538.patch -- 2.34.1 ^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][dunfell 0/7] Patch review @ 2023-04-04 2:39 Steve Sakoman 0 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2023-04-04 2:39 UTC (permalink / raw) To: openembedded-core Please review this set of patches for dunfell and have comments back by end of day Wednesday. Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5141 The following changes since commit 1c7d555379c4b0962bccd018870989050d87675f: classes/package: Use gzip for extended package data (2023-03-27 16:29:20 -1000) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut Geoffrey GIRY (1): cve-check: Fix false negative version issue Hitendra Prajapati (2): curl: CVE-2023-23916 HTTP multi-header compression denial of service qemu: fix compile error which imported by CVE-2022-4144 Martin Jansa (1): bmap-tools: switch to main branch Randy MacLeod (1): vim: upgrade 9.0.1403 -> 9.0.1429 Shubham Kulkarni (1): go-runtime: Security fix for CVE-2022-41723 Vijay Anusuri (1): git: Security fix for CVE-2023-22490 and CVE-2023-23946 meta/classes/cve-check.bbclass | 5 +- meta/lib/oe/cve_check.py | 37 +++ meta/lib/oeqa/selftest/cases/cve_check.py | 19 ++ .../git/files/CVE-2023-22490-1.patch | 179 +++++++++++++ .../git/files/CVE-2023-22490-2.patch | 122 +++++++++ .../git/files/CVE-2023-22490-3.patch | 154 ++++++++++++ .../git/files/CVE-2023-23946.patch | 184 ++++++++++++++ meta/recipes-devtools/git/git.inc | 4 + meta/recipes-devtools/go/go-1.14.inc | 1 + .../go/go-1.14/CVE-2022-41723.patch | 156 ++++++++++++ meta/recipes-devtools/qemu/qemu.inc | 1 + ...ass-requested-buffer-size-to-qxl_phy.patch | 236 ++++++++++++++++++ .../bmap-tools/bmap-tools_3.5.bb | 2 +- .../curl/curl/CVE-2023-23916.patch | 231 +++++++++++++++++ meta/recipes-support/curl/curl_7.69.1.bb | 1 + meta/recipes-support/vim/vim.inc | 4 +- 16 files changed, 1332 insertions(+), 4 deletions(-) create mode 100644 meta/recipes-devtools/git/files/CVE-2023-22490-1.patch create mode 100644 meta/recipes-devtools/git/files/CVE-2023-22490-2.patch create mode 100644 meta/recipes-devtools/git/files/CVE-2023-22490-3.patch create mode 100644 meta/recipes-devtools/git/files/CVE-2023-23946.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41723.patch create mode 100644 meta/recipes-devtools/qemu/qemu/hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2023-23916.patch -- 2.34.1 ^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][dunfell 0/7] Patch review
@ 2022-12-01 15:25 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-12-01 15:25 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by
end of day Monday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4565
The following changes since commit 408bf1b4bb4f4ed126c17fb3676f9fa0513065ba:
sstate: Account for reserved characters when shortening sstate filenames (2022-11-23 00:26:19 +0000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Alexander Kanavin (1):
linux-firmware: upgrade 20220913 -> 20221012
Chen Qi (1):
kernel.bbclass: make KERNEL_DEBUG_TIMESTAMPS work at rebuild
Dmitry Baryshkov (1):
linux-firmware: upgrade 20221012 -> 20221109
Mike Crowe (1):
kernel: improve transformation from KERNEL_IMAGETYPE_FOR_MAKE
Ross Burton (1):
pixman: backport fix for CVE-2022-44638
Vivek Kumbhar (1):
qemu: fix CVE-2021-20196 block fdc null pointer dereference may lead
to guest crash
Wang Mingyu (1):
mobile-broadband-provider-info: upgrade 20220725 -> 20221107
meta/classes/kernel.bbclass | 29 ++++++++-
.../mobile-broadband-provider-info_git.bb | 4 +-
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2021-20196.patch | 62 +++++++++++++++++++
.../xorg-lib/pixman/CVE-2022-44638.patch | 34 ++++++++++
.../xorg-lib/pixman_0.38.4.bb | 1 +
...20220913.bb => linux-firmware_20221109.bb} | 6 +-
7 files changed, 129 insertions(+), 8 deletions(-)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-20196.patch
create mode 100644 meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220913.bb => linux-firmware_20221109.bb} (99%)
--
2.25.1
^ permalink raw reply [flat|nested] 22+ messages in thread* [OE-core][dunfell 0/7] Patch review
@ 2022-10-24 14:24 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-10-24 14:24 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by
end of day Wednesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4364
The following changes since commit aa9d0c2b777c10bb6c68b0232d54cbcd1af1493f:
qemu: Avoid accidental librdmacm linkage (2022-10-12 05:13:44 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Bruce Ashfield (2):
linux-yocto/5.4: update to v5.4.216
linux-yocto/5.4: update to v5.4.219
Omkar (1):
dbus: upgrade 1.12.22 -> 1.12.24
Paul Eggleton (1):
classes/kernel-fitimage: add ability to add additional signing options
Steve Sakoman (2):
devtool: add HostKeyAlgorithms option to ssh and scp commands
selftest: skip virgl test on all Alma Linux
wangmy (1):
dbus: upgrade 1.12.20 -> 1.12.22
meta/classes/kernel-fitimage.bbclass | 6 ++++-
meta/lib/oeqa/selftest/cases/devtool.py | 2 +-
meta/lib/oeqa/selftest/cases/runtime_test.py | 4 ++--
...s-test_1.12.20.bb => dbus-test_1.12.24.bb} | 0
meta/recipes-core/dbus/dbus.inc | 3 +--
.../dbus/{dbus_1.12.20.bb => dbus_1.12.24.bb} | 0
.../linux/linux-yocto-rt_5.4.bb | 6 ++---
.../linux/linux-yocto-tiny_5.4.bb | 8 +++----
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +++++++++----------
scripts/lib/devtool/deploy.py | 8 +++----
10 files changed, 31 insertions(+), 28 deletions(-)
rename meta/recipes-core/dbus/{dbus-test_1.12.20.bb => dbus-test_1.12.24.bb} (100%)
rename meta/recipes-core/dbus/{dbus_1.12.20.bb => dbus_1.12.24.bb} (100%)
--
2.25.1
^ permalink raw reply [flat|nested] 22+ messages in thread* [OE-core][dunfell 0/7] Patch review @ 2022-09-08 2:28 Steve Sakoman 0 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2022-09-08 2:28 UTC (permalink / raw) To: openembedded-core Please review this set of patches for dunfell and have comments back by end of day Friday. Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4200 The following changes since commit 345193f36d08cfe4899c65e8edf3f79db09c50d2: relocate_sdk.py: ensure interpreter size error causes relocation to fail (2022-08-29 05:02:16 -1000) are available in the Git repository at: git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut Hitendra Prajapati (1): sqlite: CVE-2022-35737 assertion failure Joshua Watt (1): classes: cve-check: Get shared database lock Ranjitsinh Rathod (2): libarchive: Fix CVE-2021-23177 issue libarchive: Fix CVE-2021-31566 issue Richard Purdie (1): vim: Upgrade 9.0.0242 -> 9.0.0341 Robert Joslyn (1): curl: Backport patch for CVE-2022-35252 Ross Burton (1): cve-check: close cursors as soon as possible meta/classes/cve-check.bbclass | 36 ++-- .../recipes-core/meta/cve-update-db-native.bb | 51 ++--- .../libarchive/CVE-2021-23177.patch | 183 ++++++++++++++++++ .../libarchive/CVE-2021-31566-01.patch | 23 +++ .../libarchive/CVE-2021-31566-02.patch | 172 ++++++++++++++++ .../libarchive/libarchive_3.4.2.bb | 3 + .../curl/curl/CVE-2022-35252.patch | 72 +++++++ meta/recipes-support/curl/curl_7.69.1.bb | 1 + .../sqlite/files/CVE-2022-35737.patch | 29 +++ meta/recipes-support/sqlite/sqlite3_3.31.1.bb | 1 + meta/recipes-support/vim/vim.inc | 4 +- 11 files changed, 535 insertions(+), 40 deletions(-) create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-02.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2022-35252.patch create mode 100644 meta/recipes-support/sqlite/files/CVE-2022-35737.patch -- 2.25.1 ^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][dunfell 0/7] Patch review
@ 2022-07-29 15:24 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-07-29 15:24 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by
end of day Tuesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3993
The following changes since commit 3f40d5f095ceb099b604750db96058df00fcd49e:
build-appliance-image: Update to dunfell head revision (2022-07-25 15:09:15 +0100)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Hitendra Prajapati (5):
gnupg: CVE-2022-34903 possible signature forgery via injection into
the status line
grub2: Fix buffer underflow write in the heap
qemu: CVE-2022-35414 can perform an uninitialized read on the
translate_fail path, leading to an io_readx or io_writex crash
libTiff: CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 DoS from Divide By
Zero Error
libtirpc: CVE-2021-46828 DoS vulnerability with lots of connections
LUIS ENRIQUEZ (1):
kernel-fitimage.bbclass: add padding algorithm property in config
nodes
Sana.Kazi (1):
libjpeg-turbo: Fix CVE-2021-46822
meta/classes/kernel-fitimage.bbclass | 5 +
.../grub/files/CVE-2021-3695.patch | 178 +++++++++++++++++
.../grub/files/CVE-2021-3696.patch | 46 +++++
.../grub/files/CVE-2021-3697.patch | 82 ++++++++
meta/recipes-bsp/grub/grub2.inc | 5 +-
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2022-35414.patch | 53 +++++
.../libtirpc/libtirpc/CVE-2021-46828.patch | 155 +++++++++++++++
.../libtirpc/libtirpc_1.2.6.bb | 4 +-
.../jpeg/files/CVE-2021-46822.patch | 133 +++++++++++++
.../jpeg/libjpeg-turbo_2.0.4.bb | 1 +
...022-2056-CVE-2022-2057-CVE-2022-2058.patch | 183 ++++++++++++++++++
meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 1 +
.../gnupg/gnupg/CVE-2022-34903.patch | 44 +++++
meta/recipes-support/gnupg/gnupg_2.2.27.bb | 1 +
15 files changed, 890 insertions(+), 2 deletions(-)
create mode 100644 meta/recipes-bsp/grub/files/CVE-2021-3695.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2021-3696.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2021-3697.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-35414.patch
create mode 100644 meta/recipes-extended/libtirpc/libtirpc/CVE-2021-46828.patch
create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2021-46822.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-2056-CVE-2022-2057-CVE-2022-2058.patch
create mode 100644 meta/recipes-support/gnupg/gnupg/CVE-2022-34903.patch
--
2.25.1
^ permalink raw reply [flat|nested] 22+ messages in thread* [OE-core][dunfell 0/7] Patch review @ 2021-07-15 14:07 Steve Sakoman 2021-07-15 14:16 ` Andrej Valek 0 siblings, 1 reply; 22+ messages in thread From: Steve Sakoman @ 2021-07-15 14:07 UTC (permalink / raw) To: openembedded-core Please review this next set of patches for dunfell and have comments back by end of day Monday. Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2350 The following changes since commit cfd74f2bae51413d9c327e0f08ecf751325c2d74: report-error: Drop pointless inherit (2021-07-11 06:19:43 -1000) are available in the Git repository at: git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut Andrej Valek (1): busybox: add tmpdir option into mktemp applet Richard Purdie (3): pseudo: Add uninative configuration sanity check pseudo: Update to latest version including statx fix sstate: Drop pseudo exclusion Steve Sakoman (3): bluez: fix CVE-2021-3588 gstreamer-plugins-base: ignore CVE-2021-3522 since it is fixed gstreamer-plugins-good: ignore CVE-2021-3497/8 since they are fixed meta/classes/sstate.bbclass | 2 - meta/recipes-connectivity/bluez5/bluez5.inc | 1 + .../bluez5/bluez5/CVE-2021-3588.patch | 34 ++++++++ .../0001-mktemp-add-tmpdir-option.patch | 81 +++++++++++++++++++ meta/recipes-core/busybox/busybox_1.31.1.bb | 1 + meta/recipes-devtools/pseudo/pseudo.inc | 13 +++ meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +- .../gstreamer1.0-plugins-base_1.16.3.bb | 4 + .../gstreamer1.0-plugins-good_1.16.3.bb | 5 ++ 9 files changed, 140 insertions(+), 3 deletions(-) create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2021-3588.patch create mode 100644 meta/recipes-core/busybox/busybox/0001-mktemp-add-tmpdir-option.patch -- 2.25.1 ^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [OE-core][dunfell 0/7] Patch review 2021-07-15 14:07 Steve Sakoman @ 2021-07-15 14:16 ` Andrej Valek 0 siblings, 0 replies; 22+ messages in thread From: Andrej Valek @ 2021-07-15 14:16 UTC (permalink / raw) To: steve@sakoman.com; +Cc: openembedded-core@lists.openembedded.org Hello Steve, Busybox patch looks fine. Cheers, Andrej > Please review this next set of patches for dunfell and have comments back by end of day Monday. > > Passed a-full on autobuilder: > > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fautobuilder.yoctoproject.org%2Ftyphoon%2F%23%2Fbuilders%2F83%2Fbuilds%2F2350&data=04%7C01%7Candrej.valek%40siemens.com%> 7C0b3180079754416d5b4808d9479a07ea%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637619549152185601%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=lHIY6jrIIjgQrMFGZI5aGHjaqK4A5Y17uptGKbI%2ByXQ%3D&reserved=0 > > The following changes since commit cfd74f2bae51413d9c327e0f08ecf751325c2d74: > > report-error: Drop pointless inherit (2021-07-11 06:19:43 -1000) > > are available in the Git repository at: > > git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcgit.openembedded.org%2Fopenembedded-core-contrib%2Flog%2F%3Fh%3Dstable%2Fdunfell-nut&data=04%7C01%7Candrej.valek%40siemens.com%7C0b3180079754416d5b4808d9479a07ea%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637619549152185601%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=RqxpOBjsL%2B6GJnZwWtQ7KHLi%2FAcp1A0KZza9ow9p%2FPc%3D&reserved=0 > Andrej Valek (1): > busybox: add tmpdir option into mktemp applet > > Richard Purdie (3): > pseudo: Add uninative configuration sanity check > pseudo: Update to latest version including statx fix > sstate: Drop pseudo exclusion > > Steve Sakoman (3): > bluez: fix CVE-2021-3588 > gstreamer-plugins-base: ignore CVE-2021-3522 since it is fixed > gstreamer-plugins-good: ignore CVE-2021-3497/8 since they are fixed > > meta/classes/sstate.bbclass | 2 - > meta/recipes-connectivity/bluez5/bluez5.inc | 1 + > .../bluez5/bluez5/CVE-2021-3588.patch | 34 ++++++++ > .../0001-mktemp-add-tmpdir-option.patch | 81 +++++++++++++++++++ > meta/recipes-core/busybox/busybox_1.31.1.bb | 1 + > meta/recipes-devtools/pseudo/pseudo.inc | 13 +++ > meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +- > .../gstreamer1.0-plugins-base_1.16.3.bb | 4 + > .../gstreamer1.0-plugins-good_1.16.3.bb | 5 ++ > 9 files changed, 140 insertions(+), 3 deletions(-) create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-> 2021-3588.patch > create mode 100644 meta/recipes-core/busybox/busybox/0001-mktemp-add-tmpdir-option.patch > > -- > 2.25.1 ^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][dunfell 0/7] Patch review
@ 2020-09-18 16:15 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-09-18 16:15 UTC (permalink / raw)
To: openembedded-core
Please review this next set of patches for dunfell and have comments back
by end of day Monday.
The following changes since commit b98e50f08b2bcf61fbc75ea1b0ad83a17c0a736a:
cve-check: avoid FileNotFoundError if no do_cve_check task has run (2020-09-14 04:26:37 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Christophe GUIBOUT (1):
initramfs-framework: support kernel cmdline with double quotes
Geoff Parker (1):
systemd-serialgetty: Replace sed quoting using ' with " to allow var
expansion
Khem Raj (1):
populate_sdk_ext: Do not assume local.conf will always exist
Michael Gloff (1):
sysvinit: Remove ${B} assignment
Pierre-Jean Texier (1):
libubootenv: upgrade 0.3 -> 0.3.1
Rahul Kumar (1):
systemd-serialgetty: Fix sed expression quoting
Steve Sakoman (1):
Revert "kernel.bbclass: run do_symlink_kernsrc before do_patch"
meta/classes/kernel.bbclass | 2 +-
meta/classes/populate_sdk_ext.bbclass | 5 +++--
.../{libubootenv_0.3.bb => libubootenv_0.3.1.bb} | 2 +-
.../initrdscripts/initramfs-framework/init | 13 +++++++++++++
meta/recipes-core/systemd/systemd-serialgetty.bb | 4 ++--
meta/recipes-core/sysvinit/sysvinit_2.96.bb | 1 -
6 files changed, 20 insertions(+), 7 deletions(-)
rename meta/recipes-bsp/u-boot/{libubootenv_0.3.bb => libubootenv_0.3.1.bb} (94%)
--
2.17.1
^ permalink raw reply [flat|nested] 22+ messages in thread* [OE-core][dunfell 0/7] Patch review @ 2020-08-17 15:11 Steve Sakoman 0 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2020-08-17 15:11 UTC (permalink / raw) To: openembedded-core Please review this next set of patches for dunfell and have comments back by end of day Wednesday. Passed a-full on autobuilder (other than 500 server error posting report for qemumips-alt): https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1265 The following changes since commit b95d6aeafb70765e22d2e1254e749a48f508d489: uninative: Handle PREMIRRORS generically (2020-08-09 09:26:54 -1000) are available in the Git repository at: git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut Bruce Ashfield (3): linux-yocto-rt/5.4: update to rt32 linux-yocto/5.4: update to v5.4.56 linux-yocto/5.4: update to v5.4.57 Khem Raj (4): glibc: Bring in CVE fixes and other bugfixes from 2.31 release branch gcc-9.3.inc: Mark CVE-2019-15847 as fixed go: update 1.14.4 -> 1.14.6 go: Upgrade to 1.14.7 meta/recipes-core/glibc/glibc-version.inc | 2 +- .../glibc/0016-Add-unused-attribute.patch | 31 --- .../glibc/glibc/CVE-2020-6096.patch | 112 ---------- .../glibc/glibc/CVE-2020-6096_2.patch | 194 ------------------ meta/recipes-core/glibc/glibc_2.31.bb | 5 +- meta/recipes-devtools/gcc/gcc-9.3.inc | 2 + meta/recipes-devtools/go/go-1.14.inc | 5 +- .../linux/linux-yocto-rt_5.4.bb | 6 +- .../linux/linux-yocto-tiny_5.4.bb | 8 +- meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +- 10 files changed, 24 insertions(+), 363 deletions(-) delete mode 100644 meta/recipes-core/glibc/glibc/0016-Add-unused-attribute.patch delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2020-6096.patch delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch -- 2.17.1 ^ permalink raw reply [flat|nested] 22+ messages in thread
end of thread, other threads:[~2024-04-03 3:12 UTC | newest] Thread overview: 22+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2022-03-30 2:27 [OE-core][dunfell 0/7] Patch review Steve Sakoman 2022-03-30 2:27 ` [OE-core][dunfell 1/7] util-linux: fix CVE-2022-0563 Steve Sakoman 2022-03-30 2:27 ` [OE-core][dunfell 2/7] xserver-xorg: update to 1.20.9 Steve Sakoman 2022-03-30 2:27 ` [OE-core][dunfell 3/7] xserver-xorg: update to 1.20.10 Steve Sakoman 2022-03-30 2:27 ` [OE-core][dunfell 4/7] xserver-xorg: update to 1.20.11 Steve Sakoman 2022-03-30 2:27 ` [OE-core][dunfell 5/7] xserver-xorg: update to 1.20.12 Steve Sakoman 2022-03-30 2:27 ` [OE-core][dunfell 6/7] xserver-xorg: update to 1.20.13 Steve Sakoman 2022-03-30 2:27 ` [OE-core][dunfell 7/7] xserver-xorg: update to 1.20.14 Steve Sakoman -- strict thread matches above, loose matches on Subject: below -- 2024-04-03 3:11 [OE-core][dunfell 0/7] Patch review Steve Sakoman 2024-02-13 21:43 Steve Sakoman 2023-09-26 14:12 Steve Sakoman 2023-05-11 21:28 Steve Sakoman 2023-04-22 15:57 Steve Sakoman 2023-04-04 2:39 Steve Sakoman 2022-12-01 15:25 Steve Sakoman 2022-10-24 14:24 Steve Sakoman 2022-09-08 2:28 Steve Sakoman 2022-07-29 15:24 Steve Sakoman 2021-07-15 14:07 Steve Sakoman 2021-07-15 14:16 ` Andrej Valek 2020-09-18 16:15 Steve Sakoman 2020-08-17 15:11 Steve Sakoman
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox