Revert "xserver-xorg: Fix for CVE-2023-5574"

These patches are not yet merged (so they're not backports) because they have outstanding (undescribed) issues[1]. As this issue only affects Xvfb and is a use-after-free with only a hypothetical attack, revert the patches until the compromise is understood. This reverts commit a193c0224a4100f2e75bfff40b0832758affeb45. [1] https://lists.x.org/archives/xorg-announce/2023-October/003430.html (From OE-Core rev: 1ed1c4f48203a8366519b40a094c7d9719c3ae32) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross.burton@arm.com> 2023-11-08 15:27:41 +0000
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-11-08 16:42:49 +0000
commit: 3d2d75119cedcbac8f9665c1ddc0b8975a55e12a (patch)
tree: 934b35ffc14e92518b3b2f2714c177c7625be356 /meta/recipes-graphics/xorg-xserver
parent: 832384fdc69bd909183da7572ab8171dc34542c3 (diff)
download: poky-3d2d75119cedcbac8f9665c1ddc0b8975a55e12a.tar.gz
4 files changed, 0 insertions, 212 deletions
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5574-1.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5574-1.patch
deleted file mode 100644
index 9a8e583e78..0000000000
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5574-1.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-From 1953f460b9ad1a9cdf0fcce70f6ad3310b713d5f Mon Sep 17 00:00:00 2001
-From: Peter Hutterer <peter.hutterer@who-t.net>
-Date: Thu, 12 Oct 2023 12:44:13 +1000
-Subject: [PATCH] fb: properly wrap/unwrap CloseScreen
-fbCloseScreen assumes that it overrides miCloseScreen (which just
-calls FreePixmap(screen->devPrivates)) and emulates that instead of
-wrapping it.
-This is a wrong assumption, we may have ShmCloseScreen in the mix too,
-resulting in leaks (see below). Fix this by properly setting up the
-CloseScreen wrapper.
-This means we no longer need the manual DestroyPixmap call in
-vfbCloseScreen, reverting d348ab06aae21c153ecbc3511aeafc8ab66d8303
-CVE-2023-5574, ZDI-CAN-21213
-This vulnerability was discovered by:
-Sri working with Trend Micro Zero Day Initiative
-Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
-Reviewed-by: Adam Jackson <ajax@redhat.com>
-Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/1953f460b9ad1a9cdf0fcce70f6ad3310b713d5f]
-CVE: CVE-2023-5574
-Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
- fb/fb.h             |  1 +
- fb/fbscreen.c       | 14 ++++++++++----
- hw/vfb/InitOutput.c |  7 -------
- 3 files changed, 11 insertions(+), 11 deletions(-)
-diff --git a/fb/fb.h b/fb/fb.h
-index d157b6956d..cd7bd05d21 100644
--- a/fb/fb.h
-+++ b/fb/fb.h
-@@ -410,6 +410,7 @@ typedef struct {
- #endif
-     DevPrivateKeyRec    gcPrivateKeyRec;
-     DevPrivateKeyRec    winPrivateKeyRec;
-+    CloseScreenProcPtr  CloseScreen;
- } FbScreenPrivRec, *FbScreenPrivPtr;
- 
- #define fbGetScreenPrivate(pScreen) ((FbScreenPrivPtr) \
-diff --git a/fb/fbscreen.c b/fb/fbscreen.c
-index 4ab807ab50..c481033f98 100644
--- a/fb/fbscreen.c
-+++ b/fb/fbscreen.c
-@@ -29,6 +29,7 @@
- Bool
- fbCloseScreen(ScreenPtr pScreen)
- {
-+    FbScreenPrivPtr screen_priv = fbGetScreenPrivate(pScreen);
-     int d;
-     DepthPtr depths = pScreen->allowedDepths;
- 
-@@ -37,9 +38,10 @@ fbCloseScreen(ScreenPtr pScreen)
-         free(depths[d].vids);
-     free(depths);
-     free(pScreen->visuals);
-    if (pScreen->devPrivate)
-        FreePixmap((PixmapPtr)pScreen->devPrivate);
-    return TRUE;
-+
-+    pScreen->CloseScreen = screen_priv->CloseScreen;
-+
-+    return pScreen->CloseScreen(pScreen);
- }
- 
- Bool
-@@ -144,6 +146,7 @@ fbFinishScreenInit(ScreenPtr pScreen, void *pbits, int xsize, int ysize,
-                    int dpix, int dpiy, int width, int bpp)
- #endif
- {
-+    FbScreenPrivPtr screen_priv;
-     VisualPtr visuals;
-     DepthPtr depths;
-     int nvisuals;
-@@ -177,8 +180,11 @@ fbFinishScreenInit(ScreenPtr pScreen, void *pbits, int xsize, int ysize,
-                       rootdepth, ndepths, depths,
-                       defaultVisual, nvisuals, visuals))
-         return FALSE;
-    /* overwrite miCloseScreen with our own */
-+
-+    screen_priv = fbGetScreenPrivate(pScreen);
-+    screen_priv->CloseScreen = pScreen->CloseScreen;
-     pScreen->CloseScreen = fbCloseScreen;
-+
-     return TRUE;
- }
- 
-diff --git a/hw/vfb/InitOutput.c b/hw/vfb/InitOutput.c
-index 48efb61b2f..076fb7defa 100644
--- a/hw/vfb/InitOutput.c
-+++ b/hw/vfb/InitOutput.c
-@@ -720,13 +720,6 @@ vfbCloseScreen(ScreenPtr pScreen)
- 
-     pScreen->CloseScreen = pvfb->closeScreen;
- 
-    /*
-     * fb overwrites miCloseScreen, so do this here
-     */
-    if (pScreen->devPrivate)
-        (*pScreen->DestroyPixmap) (pScreen->devPrivate);
-    pScreen->devPrivate = NULL;
-
-     return pScreen->CloseScreen(pScreen);
- }
- 
-- 
-GitLab
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5574-2.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5574-2.patch
deleted file mode 100644
index 2cdef752c7..0000000000
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5574-2.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From b6fe3f924aecac6d6e311673511ce61aa2f7a81f Mon Sep 17 00:00:00 2001
-From: Peter Hutterer <peter.hutterer@who-t.net>
-Date: Thu, 12 Oct 2023 12:42:06 +1000
-Subject: [PATCH] mi: fix CloseScreen initialization order
-If SHM is enabled it will set the CloseScreen pointer, only to be
-overridden by the hardcoded miCloseScreen pointer. Do this the other way
-round, miCloseScreen is the bottom of our stack.
-Direct leak of 48 byte(s) in 2 object(s) allocated from:
-  #0 0x7f5ea3ad8cc7 in calloc (/lib64/libasan.so.8+0xd8cc7) (BuildId: d8f3addefe29e892d775c30eb364afd3c2484ca5))
-  #1 0x70adfb in ShmInitScreenPriv ../Xext/shm.c:213
-Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
-Reviewed-by: Adam Jackson <ajax@redhat.com>
-Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/b6fe3f924aecac6d6e311673511ce61aa2f7a81f]
-CVE: CVE-2023-5574
-Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
- mi/miscrinit.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/mi/miscrinit.c b/mi/miscrinit.c
-index 3bb52b1bc6..b88938c9ae 100644
--- a/mi/miscrinit.c
-+++ b/mi/miscrinit.c
-@@ -249,10 +249,10 @@ miScreenInit(ScreenPtr pScreen, void *pbits,  /* pointer to screen bits */
-     pScreen->numVisuals = numVisuals;
-     pScreen->visuals = visuals;
-     if (width) {
-+        pScreen->CloseScreen = miCloseScreen;
- #ifdef MITSHM
-         ShmRegisterFbFuncs(pScreen);
- #endif
-        pScreen->CloseScreen = miCloseScreen;
-     }
-     /* else CloseScreen */
-     /* QueryBestSize */
-- 
-GitLab
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5574-3.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5574-3.patch
deleted file mode 100644
index 47c247ef0c..0000000000
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5574-3.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From ab2c58ba4719fc31c19c7829b06bdba8a88bd586 Mon Sep 17 00:00:00 2001
-From: Peter Hutterer <peter.hutterer@who-t.net>
-Date: Tue, 24 Oct 2023 12:09:36 +1000
-Subject: [PATCH] dix: always initialize pScreen->CloseScreen
-CloseScreen is wrapped by the various modules, many of which do not
-check if they're the last ones unwrapping. This is fine if the order of
-those modules never changes but when it does we might get a NULL-pointer
-dereference by some naive code doing a
-   pScreen->CloseScreen = priv->CloseScreen;
-   free(priv);
-   return (*pScreen->CloseScreen)(pScreen);
-To avoid this set it to a default function that just returns TRUE that's
-guaranteed to be the last one.
-Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/ab2c58ba4719fc31c19c7829b06bdba8a88bd586]
-CVE: CVE-2023-5574
-Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
- dix/dispatch.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-diff --git a/dix/dispatch.c b/dix/dispatch.c
-index eaac39b7c9..cd092fd409 100644
--- a/dix/dispatch.c
-+++ b/dix/dispatch.c
-@@ -3890,6 +3890,12 @@ static int indexForScanlinePad[65] = {
-     3                           /* 64 bits per scanline pad unit */
- };
- 
-+static Bool
-+DefaultCloseScreen(ScreenPtr screen)
-+{
-+    return TRUE;
-+}
-+
- /*
-        grow the array of screenRecs if necessary.
-        call the device-supplied initialization procedure
-@@ -3949,6 +3955,9 @@ static int init_screen(ScreenPtr pScreen, int i, Bool gpu)
-             PixmapWidthPaddingInfo[depth].notPower2 = 0;
-         }
-     }
-+
-+    pScreen->CloseScreen = DefaultCloseScreen;
-+
-     return 0;
- }
- 
-- 
-GitLab
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.9.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.9.bb
index 2e1d2529ab..43c06181e3 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.9.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.9.bb
@@ -2,9 +2,6 @@ require xserver-xorg.inc
 SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \
           file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \
-           file://CVE-2023-5574-1.patch \
-           file://CVE-2023-5574-2.patch \
-           file://CVE-2023-5574-3.patch \
           "
 SRC_URI[sha256sum] = "ff697be2011b4c4966b7806929e51b7a08e9d33800d505305d26d9ccde4b533a"
author	Ross Burton <ross.burton@arm.com>	2023-11-08 15:27:41 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-11-08 16:42:49 +0000
commit	3d2d75119cedcbac8f9665c1ddc0b8975a55e12a (patch)
tree	934b35ffc14e92518b3b2f2714c177c7625be356 /meta/recipes-graphics/xorg-xserver
parent	832384fdc69bd909183da7572ab8171dc34542c3 (diff)
download	poky-3d2d75119cedcbac8f9665c1ddc0b8975a55e12a.tar.gz

diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5574-1.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5574-1.patch deleted file mode 100644 index 9a8e583e78..0000000000 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5574-1.patch +++ /dev/null
@@ -1,113 +0,0 @@
1	From 1953f460b9ad1a9cdf0fcce70f6ad3310b713d5f Mon Sep 17 00:00:00 2001
2	From: Peter Hutterer <peter.hutterer@who-t.net>
3	Date: Thu, 12 Oct 2023 12:44:13 +1000
4	Subject: [PATCH] fb: properly wrap/unwrap CloseScreen
5
6	fbCloseScreen assumes that it overrides miCloseScreen (which just
7	calls FreePixmap(screen->devPrivates)) and emulates that instead of
8	wrapping it.
9
10	This is a wrong assumption, we may have ShmCloseScreen in the mix too,
11	resulting in leaks (see below). Fix this by properly setting up the
12	CloseScreen wrapper.
13
14	This means we no longer need the manual DestroyPixmap call in
15	vfbCloseScreen, reverting d348ab06aae21c153ecbc3511aeafc8ab66d8303
16
17	CVE-2023-5574, ZDI-CAN-21213
18
19	This vulnerability was discovered by:
20	Sri working with Trend Micro Zero Day Initiative
21
22	Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
23	Reviewed-by: Adam Jackson <ajax@redhat.com>
24
25	Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/1953f460b9ad1a9cdf0fcce70f6ad3310b713d5f]
26	CVE: CVE-2023-5574
27	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
28	---
29	fb/fb.h \| 1 +
30	fb/fbscreen.c \| 14 ++++++++++----
31	hw/vfb/InitOutput.c \| 7 -------
32	3 files changed, 11 insertions(+), 11 deletions(-)
33
34	diff --git a/fb/fb.h b/fb/fb.h
35	index d157b6956d..cd7bd05d21 100644
36	--- a/fb/fb.h
37	+++ b/fb/fb.h
38	@@ -410,6 +410,7 @@ typedef struct {
39	#endif
40	DevPrivateKeyRec gcPrivateKeyRec;
41	DevPrivateKeyRec winPrivateKeyRec;
42	+ CloseScreenProcPtr CloseScreen;
43	} FbScreenPrivRec, *FbScreenPrivPtr;
44
45	#define fbGetScreenPrivate(pScreen) ((FbScreenPrivPtr) \
46	diff --git a/fb/fbscreen.c b/fb/fbscreen.c
47	index 4ab807ab50..c481033f98 100644
48	--- a/fb/fbscreen.c
49	+++ b/fb/fbscreen.c
50	@@ -29,6 +29,7 @@
51	Bool
52	fbCloseScreen(ScreenPtr pScreen)
53	{
54	+ FbScreenPrivPtr screen_priv = fbGetScreenPrivate(pScreen);
55	int d;
56	DepthPtr depths = pScreen->allowedDepths;
57
58	@@ -37,9 +38,10 @@ fbCloseScreen(ScreenPtr pScreen)
59	free(depths[d].vids);
60	free(depths);
61	free(pScreen->visuals);
62	- if (pScreen->devPrivate)
63	- FreePixmap((PixmapPtr)pScreen->devPrivate);
64	- return TRUE;
65	+
66	+ pScreen->CloseScreen = screen_priv->CloseScreen;
67	+
68	+ return pScreen->CloseScreen(pScreen);
69	}
70
71	Bool
72	@@ -144,6 +146,7 @@ fbFinishScreenInit(ScreenPtr pScreen, void *pbits, int xsize, int ysize,
73	int dpix, int dpiy, int width, int bpp)
74	#endif
75	{
76	+ FbScreenPrivPtr screen_priv;
77	VisualPtr visuals;
78	DepthPtr depths;
79	int nvisuals;
80	@@ -177,8 +180,11 @@ fbFinishScreenInit(ScreenPtr pScreen, void *pbits, int xsize, int ysize,
81	rootdepth, ndepths, depths,
82	defaultVisual, nvisuals, visuals))
83	return FALSE;
84	- /* overwrite miCloseScreen with our own */
85	+
86	+ screen_priv = fbGetScreenPrivate(pScreen);
87	+ screen_priv->CloseScreen = pScreen->CloseScreen;
88	pScreen->CloseScreen = fbCloseScreen;
89	+
90	return TRUE;
91	}
92
93	diff --git a/hw/vfb/InitOutput.c b/hw/vfb/InitOutput.c
94	index 48efb61b2f..076fb7defa 100644
95	--- a/hw/vfb/InitOutput.c
96	+++ b/hw/vfb/InitOutput.c
97	@@ -720,13 +720,6 @@ vfbCloseScreen(ScreenPtr pScreen)
98
99	pScreen->CloseScreen = pvfb->closeScreen;
100
101	- /*
102	- * fb overwrites miCloseScreen, so do this here
103	- */
104	- if (pScreen->devPrivate)
105	- (*pScreen->DestroyPixmap) (pScreen->devPrivate);
106	- pScreen->devPrivate = NULL;
107	-
108	return pScreen->CloseScreen(pScreen);
109	}
110
111	--
112	GitLab
113


diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5574-2.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5574-2.patch deleted file mode 100644 index 2cdef752c7..0000000000 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5574-2.patch +++ /dev/null
@@ -1,42 +0,0 @@
1	From b6fe3f924aecac6d6e311673511ce61aa2f7a81f Mon Sep 17 00:00:00 2001
2	From: Peter Hutterer <peter.hutterer@who-t.net>
3	Date: Thu, 12 Oct 2023 12:42:06 +1000
4	Subject: [PATCH] mi: fix CloseScreen initialization order
5
6	If SHM is enabled it will set the CloseScreen pointer, only to be
7	overridden by the hardcoded miCloseScreen pointer. Do this the other way
8	round, miCloseScreen is the bottom of our stack.
9
10	Direct leak of 48 byte(s) in 2 object(s) allocated from:
11	#0 0x7f5ea3ad8cc7 in calloc (/lib64/libasan.so.8+0xd8cc7) (BuildId: d8f3addefe29e892d775c30eb364afd3c2484ca5))
12	#1 0x70adfb in ShmInitScreenPriv ../Xext/shm.c:213
13
14	Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
15	Reviewed-by: Adam Jackson <ajax@redhat.com>
16
17	Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/b6fe3f924aecac6d6e311673511ce61aa2f7a81f]
18	CVE: CVE-2023-5574
19	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
20	---
21	mi/miscrinit.c \| 2 +-
22	1 file changed, 1 insertion(+), 1 deletion(-)
23
24	diff --git a/mi/miscrinit.c b/mi/miscrinit.c
25	index 3bb52b1bc6..b88938c9ae 100644
26	--- a/mi/miscrinit.c
27	+++ b/mi/miscrinit.c
28	@@ -249,10 +249,10 @@ miScreenInit(ScreenPtr pScreen, void pbits, / pointer to screen bits */
29	pScreen->numVisuals = numVisuals;
30	pScreen->visuals = visuals;
31	if (width) {
32	+ pScreen->CloseScreen = miCloseScreen;
33	#ifdef MITSHM
34	ShmRegisterFbFuncs(pScreen);
35	#endif
36	- pScreen->CloseScreen = miCloseScreen;
37	}
38	/* else CloseScreen */
39	/* QueryBestSize */
40	--
41	GitLab
42


diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5574-3.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5574-3.patch deleted file mode 100644 index 47c247ef0c..0000000000 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5574-3.patch +++ /dev/null
@@ -1,54 +0,0 @@
1	From ab2c58ba4719fc31c19c7829b06bdba8a88bd586 Mon Sep 17 00:00:00 2001
2	From: Peter Hutterer <peter.hutterer@who-t.net>
3	Date: Tue, 24 Oct 2023 12:09:36 +1000
4	Subject: [PATCH] dix: always initialize pScreen->CloseScreen
5
6	CloseScreen is wrapped by the various modules, many of which do not
7	check if they're the last ones unwrapping. This is fine if the order of
8	those modules never changes but when it does we might get a NULL-pointer
9	dereference by some naive code doing a
10
11	pScreen->CloseScreen = priv->CloseScreen;
12	free(priv);
13	return (*pScreen->CloseScreen)(pScreen);
14
15	To avoid this set it to a default function that just returns TRUE that's
16	guaranteed to be the last one.
17
18	Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/ab2c58ba4719fc31c19c7829b06bdba8a88bd586]
19	CVE: CVE-2023-5574
20	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
21	---
22	dix/dispatch.c \| 9 +++++++++
23	1 file changed, 9 insertions(+)
24
25	diff --git a/dix/dispatch.c b/dix/dispatch.c
26	index eaac39b7c9..cd092fd409 100644
27	--- a/dix/dispatch.c
28	+++ b/dix/dispatch.c
29	@@ -3890,6 +3890,12 @@ static int indexForScanlinePad[65] = {
30	3 /* 64 bits per scanline pad unit */
31	};
32
33	+static Bool
34	+DefaultCloseScreen(ScreenPtr screen)
35	+{
36	+ return TRUE;
37	+}
38	+
39	/*
40	grow the array of screenRecs if necessary.
41	call the device-supplied initialization procedure
42	@@ -3949,6 +3955,9 @@ static int init_screen(ScreenPtr pScreen, int i, Bool gpu)
43	PixmapWidthPaddingInfo[depth].notPower2 = 0;
44	}
45	}
46	+
47	+ pScreen->CloseScreen = DefaultCloseScreen;
48	+
49	return 0;
50	}
51
52	--
53	GitLab
54


diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.9.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.9.bb index 2e1d2529ab..43c06181e3 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.9.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.9.bb
@@ -2,9 +2,6 @@ require xserver-xorg.inc
2		2
3	SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \	3	SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \
4	file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \	4	file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \
5	file://CVE-2023-5574-1.patch \
6	file://CVE-2023-5574-2.patch \
7	file://CVE-2023-5574-3.patch \
8	"	5	"
9	SRC_URI[sha256sum] = "ff697be2011b4c4966b7806929e51b7a08e9d33800d505305d26d9ccde4b533a"	6	SRC_URI[sha256sum] = "ff697be2011b4c4966b7806929e51b7a08e9d33800d505305d26d9ccde4b533a"
10		7