diff options
| author | Lee Chee Yang <chee.yang.lee@intel.com> | 2020-09-08 21:07:42 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-09-17 12:51:24 +0100 |
| commit | cf2f611fcbe1ca340cc449cf6c63390716487e2b (patch) | |
| tree | 34824aab00a5b98a01a7b9f07bc6906e69b3e2c3 | |
| parent | 773eae6f59cdc55381d52f002ff3b65185d2bf45 (diff) | |
| download | poky-cf2f611fcbe1ca340cc449cf6c63390716487e2b.tar.gz | |
xserver-xorg: fix CVE-2020-14347
(From OE-Core rev: 02484c21042fcbd31d2982fc1cf60d565ae035e4)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch | 38 | ||||
| -rw-r--r-- | meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb | 1 |
2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch new file mode 100644 index 0000000000..cf3f5f9417 --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch | |||
| @@ -0,0 +1,38 @@ | |||
| 1 | From aac28e162e5108510065ad4c323affd6deffd816 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Matthieu Herrb <matthieu@herrb.eu> | ||
| 3 | Date: Sat, 25 Jul 2020 19:33:50 +0200 | ||
| 4 | Subject: [PATCH] fix for ZDI-11426 | ||
| 5 | |||
| 6 | Avoid leaking un-initalized memory to clients by zeroing the | ||
| 7 | whole pixmap on initial allocation. | ||
| 8 | |||
| 9 | This vulnerability was discovered by: | ||
| 10 | Jan-Niklas Sohn working with Trend Micro Zero Day Initiative | ||
| 11 | |||
| 12 | Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> | ||
| 13 | Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> | ||
| 14 | |||
| 15 | |||
| 16 | Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/aac28e162e5108510065ad4c323affd6deffd816] | ||
| 17 | CVE: CVE-2020-14347 | ||
| 18 | Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> | ||
| 19 | --- | ||
| 20 | dix/pixmap.c | 2 +- | ||
| 21 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 22 | |||
| 23 | diff --git a/dix/pixmap.c b/dix/pixmap.c | ||
| 24 | index 1186d7dbbf..5a0146bbb6 100644 | ||
| 25 | --- a/dix/pixmap.c | ||
| 26 | +++ b/dix/pixmap.c | ||
| 27 | @@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize) | ||
| 28 | if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize) | ||
| 29 | return NullPixmap; | ||
| 30 | |||
| 31 | - pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize); | ||
| 32 | + pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize); | ||
| 33 | if (!pPixmap) | ||
| 34 | return NullPixmap; | ||
| 35 | |||
| 36 | -- | ||
| 37 | GitLab | ||
| 38 | |||
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb index 3f7fbe85b8..5101134538 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb | |||
| @@ -5,6 +5,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat | |||
| 5 | file://0001-test-xtest-Initialize-array-with-braces.patch \ | 5 | file://0001-test-xtest-Initialize-array-with-braces.patch \ |
| 6 | file://sdksyms-no-build-path.patch \ | 6 | file://sdksyms-no-build-path.patch \ |
| 7 | file://0001-drmmode_display.c-add-missing-mi.h-include.patch \ | 7 | file://0001-drmmode_display.c-add-missing-mi.h-include.patch \ |
| 8 | file://CVE-2020-14347.patch \ | ||
| 8 | " | 9 | " |
| 9 | SRC_URI[md5sum] = "a770aec600116444a953ff632f51f839" | 10 | SRC_URI[md5sum] = "a770aec600116444a953ff632f51f839" |
| 10 | SRC_URI[sha256sum] = "d17b646bee4ba0fb7850c1cc55b18e3e8513ed5c02bdf38da7e107f84e2d0146" | 11 | SRC_URI[sha256sum] = "d17b646bee4ba0fb7850c1cc55b18e3e8513ed5c02bdf38da7e107f84e2d0146" |