| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2011-4613 is specific to Debian/Ubuntu.
CVE-2020-25697 is a non-trivial attack that may not actually be feasible
considering the default behaviour for clients is to exit if the
connection is lost.
(From OE-Core rev: f82c65b3c69738401ecdac354ed65308929cc20f)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit afa2e6c31a79f75ff4113d53f618bbb349cd6c17)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Some of the CVEs have x_server as the product name.
(From OE-Core rev: 1f86315f5993ddaafddb99da536bb1a51786fe59)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4d5d63cf8605515bb659b6b732683d7fe6540728)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Backport patch to fix CVE-2021-4011 for xserver-xorg.
CVE: CVE-2021-4011
(From OE-Core rev: 5f300f2be6453947a37231ced56ca577c91d93b4)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Backport patch to fix CVE-2021-4010 for xserver-xorg.
CVE: CVE-2021-4010
(From OE-Core rev: 487971876baa9913541a187d98deddc00e60d3f8)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Backport patch to fix CVE-2021-4009 for xserver-xorg.
CVE: CVE-2021-4009
(From OE-Core rev: 33581b19a2eb00b5905325e966edd7f7519a2924)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Backport patch to fix CVE-2021-4008 for xserver-xorg.
CVE: CVE-2021-4008
(From OE-Core rev: e975b1741209e298c3b6a5b101c93e1c17dbced6)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: e458c15627e7b27392d158cbb9417f66424aa7d5)
Signed-off-by: Wadim Egorov <w.egorov@phytec.de>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Insufficient checks on the lengths of the XInput extension
ChangeFeedbackControl request can lead to out of bounds memory accesses
in the X server.
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-3472
Upstream patches:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd
(From OE-Core rev: 8fbf485f24711ab29972841ba52dcb9dcdabaffb)
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6fec5fea942ce88e33e5cf4c2102d69ce25e7180)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 3b03545ea141a9b6c38742aea6e8464e1a1b2a26)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 630ce8130598e2bca7231ac28a7cc18b5b942544)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix segfault on probing a non-PCI platform device on a system with PCI.
...
at ../../xorg-server-1.20.9/os/log.c:1017
at ../../xorg-server-1.20.9/os/osinit.c:156
at ../../xorg-server-1.20.9/os/osinit.c:110
at ../../../../xorg-server-1.20.9/hw/xfree86/common/xf86platformBus.c:292
argv=argv@entry=0xffffca43c7c8) at ../../../../xorg-server-1.20.9/hw/xfree86/common/xf86Init.c:388
at ../../xorg-server-1.20.9/dix/main.c:193
init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=<optimized out>)
at ../csu/libc-start.c:314
...
Backported from upstream rev e50c85f4e.
(From OE-Core rev: 3b37cbd53219d9c10640b462aa91991d8cbc2a23)
Signed-off-by: Aníbal Limón <anibal.limon@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 404292b570a78895a1c7900eeb319e36e31dec20)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Build fails on architectures which use IOPortBase
(From OE-Core rev: 36dc499eea1d0e5c342b94ce30b56ba8bbf04922)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
This was fixed in upstream version 1.20.8.
(From OE-Core rev: be3457c76b3381d216087256effcbb3a0cb0356c)
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Most of these were unused, remaining in the inc files long after the
PR values were removed from the recipes.
The only two which did anything wre in xorg-font and for those,
bump PR by hand and remove the INC_PR to clean up all references.
This kind of change is much better handled by PRServ now.
(From OE-Core rev: 3fdd772b419bbecb1fac1efae874a8f160f2112d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 4e06262ee0eafa4aff6dfcd7bd2fdd62820d5f12)
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: cf9759b27bca5bb1dfa99fc79b4651bfebe2da52)
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is what the upstream recommends nowadays:
https://www.kraxel.org/blog/2014/10/qemu-using-cirrus-considered-harmful/
I have verified that both X and weston continue to boot and look
right; however xorg.conf file needs to be removed as it is cirrus
specific and doesn't work and isn't needed with std vga.
(From OE-Core rev: 96e6434239268fd0fc021bda9c8fedd998597097)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: cad375e113b52069eaa24d7b07a97cc63ae9da46)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
The host kernel version was being encoded into the Xorg binary. Set
an appropriate configure option to avoid this and be deterministic.
(From OE-Core rev: 39e25b045231385c1e2a442fde2c5d4ee07640a8)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
This is needed with gcc 10
(From OE-Core rev: 312e9fe3f047547df4c21c8e666cc9aa70e15347)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: da8533fcbb3595b14a24f14d6ee7bb7e4665143d)
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rename
Besides checking DISTRO_FEATURES for required or conflicting features,
being able to check MACHINE_FEATURES and/or COMBINED_FEATURES may also
be useful at times.
Temporarily support the old class name with a warning about future
deprecation.
(From OE-Core rev: 5f4875b950ce199e91f99c8e945a0c709166dc14)
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
The patch has iterated, so update to the latest revision.
(From OE-Core rev: 042e8e8a7181bb3ca830185c38f9287f62c68fe6)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: b40277355b4ecf041061b3db0d4d890c7033e96f)
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The generated source file sdksyms.c has a comment with the absolute build path,
which means xserver-xorg-src contains this build path. This is both potential
build information leakage and a source of unreproducibility, so remove the
comment.
(From OE-Core rev: 2086e0f08d920de15ab4065fb43c2281b1dcc57a)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Ideally we'd disable this as no real world client applications actually use DGA
these days, but some drivers (for example fbdev and cirrus) still need DGA
enabled in the server to build.
(From OE-Core rev: e7b1a58a757334d5c73a9b7a8c67e6ead07166c7)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
xorgproto is mentioned in the PACKAGECONFIG build dependencies because in the
past it was many separate *proto recipes. Now they're all in one recipe, which
is in DEPENDS, so we don't need to depend on it several times.
(From OE-Core rev: 1c072b42525864e26d4ab17a64f925ce3803d583)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
latest glibc dropped support for sys/io.h on arm, which is fixed in
upstream xserver, as a bonus we can drop musl specific patch which was
doing something similar up until now.
Fixes
|In file included from ../../../../xorg-server-1.20.4/hw/xfree86/int10/generic.c:15:
| ../../../../xorg-server-1.20.4/hw/xfree86/common/compiler.h:767:10: fatal error: 'sys/io.h' file not found
| #include <sys/io.h>
| ^~~~~~~~~~
| 1 error generated.
(From OE-Core rev: 1c72953b6c890b8411fec997b5c28a17eed82897)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 8995f2c7d6f2f6f760811976af77e949d505a5d8)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: b11725db2d5549dc45d8ae36fbf94a5c8e342d69)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: c7e31a84ebfd75ab2e509ae313e0b89d57294fbb)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
1.20.3 fixes arm booting in testimage
(From OE-Core rev: 7d96e1659b1616f287805abb42f512fa17c0c493)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Incorrect command-line parameter validation in the Xorg X server can lead to
privilege elevation and/or arbitrary files overwrite, when the X server is
running with elevated privileges (ie when Xorg is installed with the setuid bit
set and started by a non-root user). The -modulepath argument can be used to
specify an insecure path to modules that are going to be loaded in the X server,
allowing to execute unprivileged code in the privileged process. The -logfile
argument can be used to overwrite arbitrary files in the file system, due to
incorrect checks in the parsing of the option.
(From OE-Core rev: 14b5854d50c38e94fc0d1ce6af36698fc69f52b4)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of having a patch that upstream won't accept, rewrite it in a
upstreamable way and <gasp> submit it upstream.
The fundamental problem is that pkg-config --variable=sdkdir will return the
value of sdkdir literally, whereas --cflags will return -I${sdkdir} *but* will
do sysroot relocation magic on the path so it is usable.
(From OE-Core rev: 4af34cb1193fe86b862566becfb560b3d19155f4)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
This patch is forcing input to use SIGIO, despite the fact that since 2015
xserver has used an input thread.
(From OE-Core rev: cde11398e6d74ad8f27334199b4bd99cdf1f0ff7)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Upstream doesn't assume a monotonic clock isn't available anymore, so we can
remove this patch.
(From OE-Core rev: 25e034b4c3854a7a9190c4deee7fbca6ba4a8c47)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When updating to xorg-xserver 1.20+, mips64 would not work correctly and
cause the xorg test to fail.
Changing the DefaultDepth fixed that.
[Yocto # 12845]
(From OE-Core rev: 46c72077a79ec7a37daefe78ba0f6230ee36bfbf)
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
removed included patch
Refresh 0001-configure.ac-Fix-check-for-CLOCK_MONOTONIC
Remove 0001-config-fix-NULL-value-detection-for-ID_INPUT-being-u.patch
(From OE-Core rev: 2aef37314d90ba5144b8f8c5d26190b687ddbbb3)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes Yocto # 12899
Xorg.log message:
(II) config/udev: Adding input device (unnamed) (/dev/tty59)
and cause system freezes.
(From OE-Core rev: e29a330e04baf0881805e4a36d28bafad7fcd318)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Enable the systemd-logind on xserver if the user set systemd as a
DISTRO_CONFIG. If a user is buildling Xorg with systemd then they most
likley want the systemd-logind PACKAGECONFIG set.
(From OE-Core rev: 358c237e2adf5449e33d99ebbdc12670f4bd465e)
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
This completes the transition to xorgproto.
(From OE-Core rev: 9d236bd40ef8598c78c1ea807d658467700505e2)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The 'glamor' PACKAGECONFIG in xserver-xorg creates a dependency on libgbm
which can be satisfied in some cases by mesa, in others by blobs such as mali.
(From OE-Core rev: 5f8050722169a931b8e9078b8757216ba7a84506)
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Debian and Fedora both carry this patch, and the xf86-video-modesetting
driver seems better on recent hardware.
As an example, on a NUC6CAYS, the x11perf -aa10text and -rgb10text tests
see around a 20x increase.
[YOCTO #12019]
[YOCTO #12390]
(From OE-Core rev: 2e4934d5d4b2745ffcd76020b307b9021f8d8853)
Signed-off-by: California Sullivan <california.l.sullivan@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.
Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450). This is obviously bad.
We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.
(From OE-Core rev: 77fb72c76c8a5b2229a32f36a913a3293e9d2b56)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
See https://lists.freedesktop.org/archives/xorg/2017-December/059095.html for details
(From OE-Core rev: f80d7cdda6606e7aa0907447bba73d17be7ab1d7)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The installation path and wayland-scanner location problems in Wayland were
resolved in "wayland: Fix installation patch issue" (oe-core 14c0d99) which made
the WAYLAND_PROTOCOLS_SYSROOT_DIR workaround redundant.
(From OE-Core rev: 2dffd043c7f9bb71356a0d0b86b5b0a19fdf7343)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
This file has been removed but the CONFFILES assignment for it wasn't.
(From OE-Core rev: 5caf53cddceafe55d25a9e53843bbcc2012db829)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch modify the way we manage wayland path issues.
Instead of patching each recipe to make it work with wayland and its protocols,
it is better to patch wayland to fix its path issues.
So wayland-scanner.pc, wayland-client.pc and wayland-protocols.pc are patched to change paths.
Then we can drop the following workaround:
WAYLAND_PROTOCOLS_SYSROOT_DIR=${RECIPE_SYSROOT}
in:
- gtk+3
- libsdl2
- xserver-xorg
- gstreamer1.0-plugins-bad
- weston-2.0.0
We also dropped libsdl2 patches which fix wayland paths.
(From OE-Core rev: 14c0d992152ce27ee616558cafb408ed008d936e)
Signed-off-by: Fabien Lahoudere <fabien.lahoudere@collabora.co.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove patches that are included in 1.19.4
[ANNOUNCE] xorg-server 1.19.4
https://lists.x.org/archives/xorg-devel/2017-October/054839.html
xkb: Handle xkb formated string output safely (CVE-2017-13723)
Xext/shm: Validate shmseg resource id (CVE-2017-13721)
[ANNOUNCE] xorg-server 1.19.5
https://lists.x.org/archives/xorg-announce/2017-October/002814.html
One regression fix since 1.19.4 (mea culpa), and fixes for CVEs 2017-
12176 through 2017-12187. C is a terrible language, please stop writing
code in it.
(From OE-Core rev: 608df0ac0101fe0a7c3a779ed52118b0ab4381c3)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
