diff options
| author | Armin Kuster <akuster808@gmail.com> | 2018-10-31 07:39:58 -0700 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-11-14 11:14:38 +0000 |
| commit | 0cbda4a42e18b326bc74d045f435c02de59822fb (patch) | |
| tree | d43f25ce3ae91373ffe0c9f56dd1bd6b2713b440 /meta/recipes-graphics | |
| parent | d2aaa2614a6edf5386fd9f3a68cc3ff899a3274a (diff) | |
| download | poky-0cbda4a42e18b326bc74d045f435c02de59822fb.tar.gz | |
xserver-xorg: update to 1.20.3
1.20.3 fixes arm booting in testimage
(From OE-Core rev: 7d96e1659b1616f287805abb42f512fa17c0c493)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-graphics')
| -rw-r--r-- | meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch | 62 | ||||
| -rw-r--r-- | meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.3.bb (renamed from meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.1.bb) | 5 |
2 files changed, 2 insertions, 65 deletions
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch deleted file mode 100644 index 7f6235b432..0000000000 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch +++ /dev/null | |||
| @@ -1,62 +0,0 @@ | |||
| 1 | Incorrect command-line parameter validation in the Xorg X server can lead to | ||
| 2 | privilege elevation and/or arbitrary files overwrite, when the X server is | ||
| 3 | running with elevated privileges (ie when Xorg is installed with the setuid bit | ||
| 4 | set and started by a non-root user). The -modulepath argument can be used to | ||
| 5 | specify an insecure path to modules that are going to be loaded in the X server, | ||
| 6 | allowing to execute unprivileged code in the privileged process. The -logfile | ||
| 7 | argument can be used to overwrite arbitrary files in the file system, due to | ||
| 8 | incorrect checks in the parsing of the option. | ||
| 9 | |||
| 10 | CVE: CVE-2018-14665 | ||
| 11 | Upstream-Status: Backport | ||
| 12 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
| 13 | |||
| 14 | From 50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e Mon Sep 17 00:00:00 2001 | ||
| 15 | From: Matthieu Herrb <matthieu@herrb.eu> | ||
| 16 | Date: Tue, 23 Oct 2018 21:29:08 +0200 | ||
| 17 | Subject: [PATCH] Disable -logfile and -modulepath when running with elevated | ||
| 18 | privileges | ||
| 19 | |||
| 20 | Could cause privilege elevation and/or arbitrary files overwrite, when | ||
| 21 | the X server is running with elevated privileges (ie when Xorg is | ||
| 22 | installed with the setuid bit set and started by a non-root user). | ||
| 23 | |||
| 24 | CVE-2018-14665 | ||
| 25 | |||
| 26 | Issue reported by Narendra Shinde and Red Hat. | ||
| 27 | |||
| 28 | Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> | ||
| 29 | Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> | ||
| 30 | Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> | ||
| 31 | Reviewed-by: Adam Jackson <ajax@redhat.com> | ||
| 32 | --- | ||
| 33 | hw/xfree86/common/xf86Init.c | 8 ++++++-- | ||
| 34 | 1 file changed, 6 insertions(+), 2 deletions(-) | ||
| 35 | |||
| 36 | diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c | ||
| 37 | index 6c25eda73..0f57efa86 100644 | ||
| 38 | --- a/hw/xfree86/common/xf86Init.c | ||
| 39 | +++ b/hw/xfree86/common/xf86Init.c | ||
| 40 | @@ -935,14 +935,18 @@ ddxProcessArgument(int argc, char **argv, int i) | ||
| 41 | /* First the options that are not allowed with elevated privileges */ | ||
| 42 | if (!strcmp(argv[i], "-modulepath")) { | ||
| 43 | CHECK_FOR_REQUIRED_ARGUMENT(); | ||
| 44 | - xf86CheckPrivs(argv[i], argv[i + 1]); | ||
| 45 | + if (xf86PrivsElevated()) | ||
| 46 | + FatalError("\nInvalid argument -modulepath " | ||
| 47 | + "with elevated privileges\n"); | ||
| 48 | xf86ModulePath = argv[i + 1]; | ||
| 49 | xf86ModPathFrom = X_CMDLINE; | ||
| 50 | return 2; | ||
| 51 | } | ||
| 52 | if (!strcmp(argv[i], "-logfile")) { | ||
| 53 | CHECK_FOR_REQUIRED_ARGUMENT(); | ||
| 54 | - xf86CheckPrivs(argv[i], argv[i + 1]); | ||
| 55 | + if (xf86PrivsElevated()) | ||
| 56 | + FatalError("\nInvalid argument -logfile " | ||
| 57 | + "with elevated privileges\n"); | ||
| 58 | xf86LogFile = argv[i + 1]; | ||
| 59 | xf86LogFileFrom = X_CMDLINE; | ||
| 60 | return 2; | ||
| 61 | -- | ||
| 62 | 2.18.1 | ||
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.1.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.3.bb index 9fd2e8d870..1caa154a23 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.1.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.3.bb | |||
| @@ -3,10 +3,9 @@ require xserver-xorg.inc | |||
| 3 | SRC_URI += "file://musl-arm-inb-outb.patch \ | 3 | SRC_URI += "file://musl-arm-inb-outb.patch \ |
| 4 | file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \ | 4 | file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \ |
| 5 | file://pkgconfig.patch \ | 5 | file://pkgconfig.patch \ |
| 6 | file://CVE-2018-14665.patch \ | ||
| 7 | " | 6 | " |
| 8 | SRC_URI[md5sum] = "e525846d1d0af5732ba835f2e2ec066d" | 7 | SRC_URI[md5sum] = "8ee29e8b24cef6b3cfa747ec01b9155a" |
| 9 | SRC_URI[sha256sum] = "59c99fe86fe75b8164c6567bfc6e982aecc2e4a51e6fbac1b842d5d00549e918" | 8 | SRC_URI[sha256sum] = "1b3ce466c12cacbe2252b3ad5b0ed561972eef9d09e75900d65fb1e21f9201de" |
| 10 | 9 | ||
| 11 | # These extensions are now integrated into the server, so declare the migration | 10 | # These extensions are now integrated into the server, so declare the migration |
| 12 | # path for in-place upgrades. | 11 | # path for in-place upgrades. |