Diffstat (limited to 'meta/recipes-graphics')
14 files changed, 304 insertions, 3 deletions
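--- /dev/null
+++ b/meta/recipes-graphics/jpeg/files/0001-rdppm.c-Fix-buf-overrun-caused-by-bad-binary-PPM.patch
@@ -0,0 +1,81 @@
+From ade1818b7542ef9e11ece5ce98df91fab45d674c Mon Sep 17 00:00:00 2001
+From: DRC <information@libjpeg-turbo.org>
+Date: Tue, 2 Jun 2020 14:15:37 -0500
+Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
+
+This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
+include binary PPM files with maximum values < 255, thus preventing a
+malformed binary PPM input file with those specifications from
+triggering an overrun of the rescale array and potentially crashing
+cjpeg, TJBench, or any program that uses the tjLoadImage() function.
+
+Fixes #433
+
+CVE: CVE-2020-13790
+
+Signed-off-by: Liu Haitao <haitao.liu@windriver.com>
+---
+ChangeLog.md | 20 ++++++++++++++++----
+rdppm.c | 4 ++--
+2 files changed, 18 insertions(+), 6 deletions(-)
+
+diff --git a/ChangeLog.md b/ChangeLog.md
+index 3667d12..198c7b8 100644
+--- a/ChangeLog.md
++++ b/ChangeLog.md
+@@ -1,3 +1,15 @@
++2.0.4
++=====
++
++### Significant changes relative to 2.0.3:
++
++1. Fixed an issue in the PPM reader that caused a buffer overrun in cjpeg,
++TJBench, or the `tjLoadImage()` function if one of the values in a binary
++PPM/PGM input file exceeded the maximum value defined in the file's header and
++that maximum value was less than 255. libjpeg-turbo 1.5.0 already included a
++similar fix for binary PPM/PGM files with maximum values greater than 255.
++
++
+2.0.3
+=====
+
+@@ -520,10 +532,10 @@ application was linked against.
+
+3. Fixed a couple of issues in the PPM reader that would cause buffer overruns
+in cjpeg if one of the values in a binary PPM/PGM input file exceeded the
+-maximum value defined in the file's header. libjpeg-turbo 1.4.2 already
+-included a similar fix for ASCII PPM/PGM files. Note that these issues were
+-not security bugs, since they were confined to the cjpeg program and did not
+-affect any of the libjpeg-turbo libraries.
++maximum value defined in the file's header and that maximum value was greater
++than 255. libjpeg-turbo 1.4.2 already included a similar fix for ASCII PPM/PGM
++files. Note that these issues were not security bugs, since they were confined
++to the cjpeg program and did not affect any of the libjpeg-turbo libraries.
+
+4. Fixed an issue whereby attempting to decompress a JPEG file with a corrupt
+header using the `tjDecompressToYUV2()` function would cause the function to
+diff --git a/rdppm.c b/rdppm.c
+index 87bc330..a8507b9 100644
+--- a/rdppm.c
++++ b/rdppm.c
+@@ -5,7 +5,7 @@
+* Copyright (C) 1991-1997, Thomas G. Lane.
+* Modified 2009 by Bill Allombert, Guido Vollbeding.
+* libjpeg-turbo Modifications:
+- * Copyright (C) 2015-2017, D. R. Commander.
++ * Copyright (C) 2015-2017, 2020, D. R. Commander.
+* For conditions of distribution and use, see the accompanying README.ijg
+* file.
+*
+@@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
+/* On 16-bit-int machines we have to be careful of maxval = 65535 */
+source->rescale = (JSAMPLE *)
+(*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
+- (size_t)(((long)maxval + 1L) *
++ (size_t)(((long)MAX(maxval, 255) + 1L) *
+sizeof(JSAMPLE)));
+half_maxval = maxval / 2;
+for (val = 0; val <= (long)maxval; val++) {
+--
+2.17.0
+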
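Review bot: The enlarged rescale table in the rdppm.c hunk of this patch is only partly initialised: it is now allocated with `MAX(maxval, 255) + 1` entries, but the fill loop visible right below still stops at `val <= (long)maxval`, so for a header with maxval < 255 the entries above maxval are never written by that loop. A sample byte larger than maxval then stays inside the buffer but reads whatever the allocator returned; whether `alloc_small` hands back zeroed memory is not visible here. Clearing the table straight after the allocation makes that read deterministic, e.g. `MEMZERO(source->rescale, (size_t)(((long)MAX(maxval, 255) + 1L) * sizeof(JSAMPLE)));`. The loop body and the rest of `start_input_ppm` lie outside the hunk, so this should be confirmed against the full function.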
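--- a/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.3.bb
+++ b/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.3.bb
@@ -12,6 +12,7 @@ DEPENDS_append_x86_class-target = " nasm-native"
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \
 file://0001-libjpeg-turbo-fix-package_qa-error.patch \
+file://0001-rdppm.c-Fix-buf-overrun-caused-by-bad-binary-PPM.patch \
 "
 
 SRC_URI[md5sum] = "bd07fddf26f9def7bab02739eb655116"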
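--- a/meta/recipes-graphics/mesa/files/0003-Allow-enable-DRI-without-DRI-drivers.patch
+++ b/meta/recipes-graphics/mesa/files/0003-Allow-enable-DRI-without-DRI-drivers.patch
@@ -23,7 +23,7 @@ index 0e50bb26c0a..de065c290d6 100644
 with_dri_swrast = dri_drivers.contains('swrast')
 
 -with_dri = dri_drivers.length() != 0 and dri_drivers != ['']
-+with_dri = get_option('dri') or (_drivers.length() != 0 and _drivers != [''])
++with_dri = get_option('dri') or (dri_drivers.length() != 0 and dri_drivers != [''])
 
 gallium_drivers = get_option('gallium-drivers')
 if gallium_drivers.contains('auto')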
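--- /dev/null
+++ b/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18390.patch
@@ -0,0 +1,66 @@
+From 24f67de7a9088a873844a39be03cee6882260ac9 Mon Sep 17 00:00:00 2001
+From: Gert Wollny <gert.wollny@collabora.com>
+Date: Mon, 7 Oct 2019 10:59:56 +0200
+Subject: [PATCH] vrend: check info formats in blits
+
+Closes #141
+Closes #142
+
+v2 : drop colon in error description (Emil)
+
+Signed-off-by: Gert Wollny <gert.wollny@collabora.com>
+Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
+
+Upstream-Status: Backport
+[https://gitlab.freedesktop.org/virgl/virglrenderer/commit/24f67de7a9088a873844a39be03cee6882260ac9]
+CVE: CVE-2019-18390
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+---
+src/virgl_hw.h | 1 +
+src/vrend_renderer.c | 11 +++++++++++
+2 files changed, 12 insertions(+)
+
+diff --git a/src/virgl_hw.h b/src/virgl_hw.h
+index 145780bf..5ccf3073 100644
+--- a/src/virgl_hw.h
++++ b/src/virgl_hw.h
+@@ -426,6 +426,7 @@ enum virgl_ctx_errors {
+VIRGL_ERROR_CTX_ILLEGAL_CMD_BUFFER,
+VIRGL_ERROR_CTX_GLES_HAVE_TES_BUT_MISS_TCS,
+VIRGL_ERROR_GL_ANY_SAMPLES_PASSED,
++ VIRGL_ERROR_CTX_ILLEGAL_FORMAT,
+};
+
+#define VIRGL_RESOURCE_Y_0_TOP (1 << 0)
+diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c
+index 14fefb38..aa6a89c1 100644
+--- a/src/vrend_renderer.c
++++ b/src/vrend_renderer.c
+@@ -758,6 +758,7 @@ static const char *vrend_ctx_error_strings[] = {
+[VIRGL_ERROR_CTX_ILLEGAL_CMD_BUFFER] = "Illegal command buffer",
+[VIRGL_ERROR_CTX_GLES_HAVE_TES_BUT_MISS_TCS] = "On GLES context and shader program has tesselation evaluation shader but no tesselation control shader",
+[VIRGL_ERROR_GL_ANY_SAMPLES_PASSED] = "Query for ANY_SAMPLES_PASSED not supported",
++ [VIRGL_ERROR_CTX_ILLEGAL_FORMAT] = "Illegal format ID",
+};
+
+static void __report_context_error(const char *fname, struct vrend_context *ctx,
+@@ -8492,6 +8493,16 @@ void vrend_renderer_blit(struct vrend_context *ctx,
+if (ctx->in_error)
+return;
+
++ if (!info->src.format || (enum virgl_formats)info->src.format >= VIRGL_FORMAT_MAX) {
++ report_context_error(ctx, VIRGL_ERROR_CTX_ILLEGAL_FORMAT, info->src.format);
++ return;
++ }
++
++ if (!info->dst.format || (enum virgl_formats)info->dst.format >= VIRGL_FORMAT_MAX) {
++ report_context_error(ctx, VIRGL_ERROR_CTX_ILLEGAL_FORMAT, info->dst.format);
++ return;
++ }
++
+if (info->render_condition_enable == false)
+vrend_pause_render_condition(ctx, true);
+
+--
+2.24.1
+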
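--- /dev/null
+++ b/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2019-18391.patch
@@ -0,0 +1,51 @@
+From 2abeb1802e3c005b17a7123e382171b3fb665971 Mon Sep 17 00:00:00 2001
+From: Gert Wollny <gert.wollny@collabora.com>
+Date: Tue, 8 Oct 2019 17:27:01 +0200
+Subject: [PATCH] vrend: check that the transfer iov holds enough data for the
+data upload
+
+Closes #140
+
+Signed-off-by: Gert Wollny <gert.wollny@collabora.com>
+Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
+
+Upstream-Status: Backport
+[https://gitlab.freedesktop.org/virgl/virglrenderer/commit/2abeb1802e3c005b17a7123e382171b3fb665971]
+CVE: CVE-2019-18391
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+---
+src/vrend_renderer.c | 11 +++++++++--
+1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c
+index 694e1d0e..fe23846b 100644
+--- a/src/vrend_renderer.c
++++ b/src/vrend_renderer.c
+@@ -7005,15 +7005,22 @@ static int vrend_renderer_transfer_write_iov(struct vrend_context *ctx,
+invert = true;
+}
+
++ send_size = util_format_get_nblocks(res->base.format, info->box->width,
++ info->box->height) * elsize;
++ if (res->target == GL_TEXTURE_3D ||
++ res->target == GL_TEXTURE_2D_ARRAY ||
++ res->target == GL_TEXTURE_CUBE_MAP_ARRAY)
++ send_size *= info->box->depth;
++
+if (need_temp) {
+- send_size = util_format_get_nblocks(res->base.format, info->box->width,
+- info->box->height) * elsize * info->box->depth;
+data = malloc(send_size);
+if (!data)
+return ENOMEM;
+read_transfer_data(iov, num_iovs, data, res->base.format, info->offset,
+stride, layer_stride, info->box, invert);
+} else {
++ if (send_size > iov[0].iov_len - info->offset)
++ return EINVAL;
+data = (char*)iov[0].iov_base + info->offset;
+}
+
+--
+2.24.1
+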
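Review bot: The new bound check `send_size > iov[0].iov_len - info->offset` in the `else` branch of `vrend_renderer_transfer_write_iov` can wrap when `info->offset` is larger than `iov[0].iov_len`, because `iov_len` is unsigned; the difference then becomes a very large value and the check lets the transfer through. Unless the offset is already bounded against the first iov earlier in the function (not visible in this hunk), compare the offset first: `if (info->offset > iov[0].iov_len || send_size > iov[0].iov_len - info->offset) return EINVAL;`. The function starts and ends outside the hunk, so the types of `send_size` and `info->offset` should be checked there as well.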
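--- /dev/null
+++ b/meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2020-8002.patch
@@ -0,0 +1,39 @@
+From 63bcca251f093d83da7e290ab4bbd38ae69089b5 Mon Sep 17 00:00:00 2001
+From: Gert Wollny <gert.wollny@collabora.com>
+Date: Wed, 15 Jan 2020 13:43:58 +0100
+Subject: [PATCH] vrend: Don't try launching a grid if no CS is available
+
+Closes #155
+
+Signed-off-by: Gert Wollny <gert.wollny@collabora.com>
+Reviewed-by: Gurchetan Singh <gurchetansingh@chromium.org>
+
+Upstream-Status: Backport
+[https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/63bcca251f093d83da7e290ab4bbd38ae69089b5.patch]
+CVE: CVE-2020-8002
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+---
+src/vrend_renderer.c | 7 +++++++
+1 file changed, 7 insertions(+)
+
+diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c
+index a054bad8..2280fc43 100644
+--- a/src/vrend_renderer.c
++++ b/src/vrend_renderer.c
+@@ -4604,6 +4604,13 @@ void vrend_launch_grid(struct vrend_context *ctx,
+}
+ctx->sub->shader_dirty = true;
+}
++
++ if (!ctx->sub->prog) {
++ vrend_printf("%s: Skipping compute shader execution due to missing shaders: %s\n",
++ __func__, ctx->debug_name);
++ return;
++ }
++
+vrend_use_program(ctx, ctx->sub->prog->id);
+
+vrend_draw_bind_ubo_shader(ctx, PIPE_SHADER_COMPUTE, 0);
+--
+2.24.1
+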
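--- a/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.0.bb
+++ b/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.0.bb
@@ -8,6 +8,9 @@ DEPENDS = "libdrm mesa libepoxy"
 SRCREV = "48cc96c9aebb9d0164830a157efc8916f08f00c0"
 SRC_URI = "git://anongit.freedesktop.org/virglrenderer \
 file://0001-gallium-Expand-libc-check-to-be-platform-OS-check.patch \
+file://CVE-2019-18390.patch \
+file://CVE-2019-18391.patch \
+file://CVE-2020-8002.patch \
 "
 
 S = "${WORKDIR}/git"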
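--- a/meta/recipes-graphics/waffle/waffle_1.6.0.bb
+++ b/meta/recipes-graphics/waffle/waffle_1.6.0.bb
@@ -35,3 +35,8 @@ PACKAGECONFIG[x11-egl] = "-Dx11_egl=enabled,-Dx11_egl=disabled,virtual/${MLPREFI
 PACKAGECONFIG[surfaceless-egl] = "-Dsurfaceless_egl=enabled,-Dsurfaceless_egl=disabled,virtual/${MLPREFIX}libgl"
 
 # TODO: optionally build manpages and examples
+
+# Unset these to stop python trying to report the target Python setup
+_PYTHON_SYSCONFIGDATA_NAME[unexport] = "1"
+STAGING_INCDIR[unexport] = "1"
+STAGING_LIBDIR[unexport] = "1"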
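--- /dev/null
+++ b/meta/recipes-graphics/x11-common/xserver-nodm-init/capability.conf
@@ -0,0 +1,2 @@
+cap_sys_admin @USER@
+none *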
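--- a/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm
+++ b/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm
@@ -38,6 +38,14 @@ case "$1" in
 if [ -e /dev/hidraw0 ]; then
 chmod o+rw /dev/hidraw*
 fi
+# Make sure that the Xorg has the cap_sys_admin capability which is
+# needed for setting the drm master
+if ! grep -q "^auth.*pam_cap\.so" /etc/pam.d/su; then
+echo "auth optional pam_cap.so" >>/etc/pam.d/su
+fi
+if ! /usr/sbin/getcap $XSERVER | grep -q cap_sys_admin; then
+/usr/sbin/setcap cap_sys_admin+eip $XSERVER
+fi
 fi
 
 # Using su rather than sudo as latest 1.8.1 cause failure [YOCTO #1211]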
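Review bot: `/usr/sbin/setcap cap_sys_admin+eip $XSERVER` sets the permitted file bit as well as the inheritable one, so every account that can execute the X server binary gains CAP_SYS_ADMIN, not only the user listed in capability.conf. If the intent is to confine the capability to the pam_cap-configured user, the file should carry only the inheritable and effective bits, `/usr/sbin/setcap cap_sys_admin+ei "$XSERVER"`, so it takes effect only for processes whose inheritable set pam_cap has populated. `$XSERVER` is also unquoted in both the getcap and the setcap call. The added lines append to /etc/pam.d/su from the init script, which cannot work on a read-only root filesystem; making that change at build time in the recipe would be more predictable. The enclosing `case` branch starts and ends outside the hunk.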
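--- a/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb
+++ b/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb
@@ -10,6 +10,7 @@ SRC_URI = "file://xserver-nodm \
 file://gplv2-license.patch \
 file://xserver-nodm.service.in \
 file://xserver-nodm.conf.in \
+file://capability.conf \
 "
 
 S = "${WORKDIR}"
@@ -19,7 +20,7 @@ PACKAGE_ARCH = "${MACHINE_ARCH}"
 
 inherit update-rc.d systemd distro_features_check
 
-REQUIRED_DISTRO_FEATURES = "x11"
+REQUIRED_DISTRO_FEATURES = "x11 ${@oe.utils.conditional('ROOTLESS_X', '1', 'pam', '', d)}"
 
 PACKAGECONFIG ??= "blank"
 # dpms and screen saver will be on only if 'blank' is in PACKAGECONFIG
@@ -40,6 +41,8 @@ do_install() {
 if [ "${ROOTLESS_X}" = "1" ] ; then
 XUSER_HOME="/home/xuser"
 XUSER="xuser"
+install -D capability.conf ${D}${sysconfdir}/security/capability.conf
+sed -i "s:@USER@:${XUSER}:" ${D}${sysconfdir}/security/capability.conf
 else
 XUSER_HOME=${ROOT_HOME}
 XUSER="root"
@@ -60,7 +63,7 @@ do_install() {
 fi
 }
 
-RDEPENDS_${PN} = "xinit ${@oe.utils.conditional('ROOTLESS_X', '1', 'xuser-account', '', d)}"
+RDEPENDS_${PN} = "xinit ${@oe.utils.conditional('ROOTLESS_X', '1', 'xuser-account libcap libcap-bin', '', d)}"
 
 INITSCRIPT_NAME = "xserver-nodm"
 INITSCRIPT_PARAMS = "start 9 5 . stop 20 0 1 2 3 6 ."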
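Review bot: `install -D capability.conf ${D}${sysconfdir}/security/capability.conf` in the do_install hunk passes no mode, so install applies its default of 0755 and the capability policy file ends up executable. Give the mode explicitly, `install -D -m 0644 capability.conf ${D}${sysconfdir}/security/capability.conf`, so the file that decides which user receives cap_sys_admin has the permissions a configuration file should have. do_install starts and ends outside the hunks shown.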
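--- a/meta/recipes-graphics/xorg-font/encodings_1.0.5.bb
+++ b/meta/recipes-graphics/xorg-font/encodings_1.0.5.bb
@@ -19,3 +19,7 @@ SRC_URI[sha256sum] = "bd96e16143a044b19e87f217cf6a3763a70c561d1076aad6f6d862ec41
 inherit allarch
 
 EXTRA_OECONF += "--with-encodingsdir=${datadir}/fonts/X11/encodings"
+
+# postinst from .inc doesn't apply to this recipe
+pkg_postinst_${PN} () {
+}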
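--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch
@@ -0,0 +1,37 @@
+From aac28e162e5108510065ad4c323affd6deffd816 Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@herrb.eu>
+Date: Sat, 25 Jul 2020 19:33:50 +0200
+Subject: [PATCH] fix for ZDI-11426
+
+Avoid leaking un-initalized memory to clients by zeroing the
+whole pixmap on initial allocation.
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
+Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+Upstream-Status: Backport
+CVE: CVE-2020-14347
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
+---
+dix/pixmap.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dix/pixmap.c b/dix/pixmap.c
+index 1186d7dbb..5a0146bbb 100644
+--- a/dix/pixmap.c
++++ b/dix/pixmap.c
+@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
+if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
+return NullPixmap;
+
+- pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
++ pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
+if (!pPixmap)
+return NullPixmap;
+
+--
+2.17.1
+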
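Review bot: The `Upstream-Status: Backport` line in this patch header carries no upstream commit reference, unlike the three virglrenderer patches added in the same commit, which makes the backport harder to verify against its source. Add the reference in brackets after the tag, e.g. `Upstream-Status: Backport [<upstream commit URL>]`. The libjpeg-turbo patch 0001-rdppm.c-Fix-buf-overrun-caused-by-bad-binary-PPM.patch has the same gap in a stronger form: its header has a `CVE:` tag but no `Upstream-Status:` line at all.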
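--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.5.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.5.bb
@@ -5,6 +5,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
 file://0001-test-xtest-Initialize-array-with-braces.patch \
 file://0001-compiler.h-Do-not-include-sys-io.h-on-ARM-with-glibc.patch \
 file://sdksyms-no-build-path.patch \
+file://CVE-2020-14347.patch \
 "
 SRC_URI[md5sum] = "c9fc7e21e11286dbedd22c00df652130"
 SRC_URI[sha256sum] = "a81d8243f37e75a03d4f8c55f96d0bc25802be6ec45c3bfa5cb614c6d01bac9d"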