From 0cbda4a42e18b326bc74d045f435c02de59822fb Mon Sep 17 00:00:00 2001
From: Armin Kuster
Date: Wed, 31 Oct 2018 07:39:58 -0700
Subject: xserver-xorg: update to 1.20.3
1.20.3 fixes arm booting in testimage
(From OE-Core rev: 7d96e1659b1616f287805abb42f512fa17c0c493)
Signed-off-by: Armin Kuster
Signed-off-by: Richard Purdie
---
.../xorg-xserver/xserver-xorg/CVE-2018-14665.patch | 62 ----------------------
.../xorg-xserver/xserver-xorg_1.20.1.bb | 31 -----------
.../xorg-xserver/xserver-xorg_1.20.3.bb | 30 +++++++++++
3 files changed, 30 insertions(+), 93 deletions(-)
delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch
delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.1.bb
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.3.bb
(limited to 'meta')
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch
deleted file mode 100644
index 7f6235b432..0000000000
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-Incorrect command-line parameter validation in the Xorg X server can lead to
-privilege elevation and/or arbitrary files overwrite, when the X server is
-running with elevated privileges (ie when Xorg is installed with the setuid bit
-set and started by a non-root user). The -modulepath argument can be used to
-specify an insecure path to modules that are going to be loaded in the X server,
-allowing to execute unprivileged code in the privileged process. The -logfile
-argument can be used to overwrite arbitrary files in the file system, due to
-incorrect checks in the parsing of the option.
-
-CVE: CVE-2018-14665
-Upstream-Status: Backport
-Signed-off-by: Ross Burton
-
-From 50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e Mon Sep 17 00:00:00 2001
-From: Matthieu Herrb
-Date: Tue, 23 Oct 2018 21:29:08 +0200
-Subject: [PATCH] Disable -logfile and -modulepath when running with elevated
- privileges
-
-Could cause privilege elevation and/or arbitrary files overwrite, when
-the X server is running with elevated privileges (ie when Xorg is
-installed with the setuid bit set and started by a non-root user).
-
-CVE-2018-14665
-
-Issue reported by Narendra Shinde and Red Hat.
-
-Signed-off-by: Matthieu Herrb
-Reviewed-by: Alan Coopersmith
-Reviewed-by: Peter Hutterer
-Reviewed-by: Adam Jackson
----
- hw/xfree86/common/xf86Init.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c
-index 6c25eda73..0f57efa86 100644
---- a/hw/xfree86/common/xf86Init.c
-+++ b/hw/xfree86/common/xf86Init.c
-@@ -935,14 +935,18 @@ ddxProcessArgument(int argc, char **argv, int i)
- /* First the options that are not allowed with elevated privileges */
- if (!strcmp(argv[i], "-modulepath")) {
- CHECK_FOR_REQUIRED_ARGUMENT();
-- xf86CheckPrivs(argv[i], argv[i + 1]);
-+ if (xf86PrivsElevated())
-+ FatalError("\nInvalid argument -modulepath "
-+ "with elevated privileges\n");
- xf86ModulePath = argv[i + 1];
- xf86ModPathFrom = X_CMDLINE;
- return 2;
- }
- if (!strcmp(argv[i], "-logfile")) {
- CHECK_FOR_REQUIRED_ARGUMENT();
-- xf86CheckPrivs(argv[i], argv[i + 1]);
-+ if (xf86PrivsElevated())
-+ FatalError("\nInvalid argument -logfile "
-+ "with elevated privileges\n");
- xf86LogFile = argv[i + 1];
- xf86LogFileFrom = X_CMDLINE;
- return 2;
----
-2.18.1
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.1.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.1.bb
deleted file mode 100644
index 9fd2e8d870..0000000000
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.1.bb
+++ /dev/null
@@ -1,31 +0,0 @@
-require xserver-xorg.inc
-
-SRC_URI += "file://musl-arm-inb-outb.patch \
- file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \
- file://pkgconfig.patch \
- file://CVE-2018-14665.patch \
- "
-SRC_URI[md5sum] = "e525846d1d0af5732ba835f2e2ec066d"
-SRC_URI[sha256sum] = "59c99fe86fe75b8164c6567bfc6e982aecc2e4a51e6fbac1b842d5d00549e918"
-
-# These extensions are now integrated into the server, so declare the migration
-# path for in-place upgrades.
-
-RREPLACES_${PN} = "${PN}-extension-dri \
- ${PN}-extension-dri2 \
- ${PN}-extension-record \
- ${PN}-extension-extmod \
- ${PN}-extension-dbe \
- "
-RPROVIDES_${PN} = "${PN}-extension-dri \
- ${PN}-extension-dri2 \
- ${PN}-extension-record \
- ${PN}-extension-extmod \
- ${PN}-extension-dbe \
- "
-RCONFLICTS_${PN} = "${PN}-extension-dri \
- ${PN}-extension-dri2 \
- ${PN}-extension-record \
- ${PN}-extension-extmod \
- ${PN}-extension-dbe \
- "
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.3.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.3.bb
new file mode 100644
index 0000000000..1caa154a23
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.3.bb
@@ -0,0 +1,30 @@
+require xserver-xorg.inc
+
+SRC_URI += "file://musl-arm-inb-outb.patch \
+ file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \
+ file://pkgconfig.patch \
+ "
+SRC_URI[md5sum] = "8ee29e8b24cef6b3cfa747ec01b9155a"
+SRC_URI[sha256sum] = "1b3ce466c12cacbe2252b3ad5b0ed561972eef9d09e75900d65fb1e21f9201de"
+
+# These extensions are now integrated into the server, so declare the migration
+# path for in-place upgrades.
+
+RREPLACES_${PN} = "${PN}-extension-dri \
+ ${PN}-extension-dri2 \
+ ${PN}-extension-record \
+ ${PN}-extension-extmod \
+ ${PN}-extension-dbe \
+ "
+RPROVIDES_${PN} = "${PN}-extension-dri \
+ ${PN}-extension-dri2 \
+ ${PN}-extension-record \
+ ${PN}-extension-extmod \
+ ${PN}-extension-dbe \
+ "
+RCONFLICTS_${PN} = "${PN}-extension-dri \
+ ${PN}-extension-dri2 \
+ ${PN}-extension-record \
+ ${PN}-extension-extmod \
+ ${PN}-extension-dbe \
+ "
-- cgit v1.2.3-54-g00ecf
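Review bot: The new recipe's `SRC_URI` no longer lists `file://CVE-2018-14665.patch`, but the commit message mentions only the ARM boot fix, so nothing on this page records why a security backport was dropped. The removed patch made `-modulepath` and `-logfile` fatal when `xf86PrivsElevated()` is true; presumably 1.20.3 carries that change upstream, which should be confirmed against `hw/xfree86/common/xf86Init.c` in the unpacked 1.20.3 source before merging. Once confirmed, I would state it in the commit message, for example `Drop CVE-2018-14665.patch, fixed upstream in 1.20.3`, so the recipe's CVE status stays auditable from history.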