diff options
author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-04-05 22:28:33 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-04-05 22:31:28 +0300 |
commit | 193236933b0f4ab91b1625b64e2187e2db4e0e8f (patch) | |
tree | e12769d7c76d8b0517d6de3d3c72189753d253ed /poky/meta/recipes-graphics/xorg-xserver | |
parent | bd93df9478f2f56ffcbc8cb88f1709c735dcd85b (diff) | |
download | openbmc-193236933b0f4ab91b1625b64e2187e2db4e0e8f.tar.xz |
reset upstream subtrees to HEAD
Reset the following subtrees on HEAD:
poky: 8217b477a1(master)
meta-xilinx: 64aa3d35ae(master)
meta-openembedded: 0435c9e193(master)
meta-raspberrypi: 490a4441ac(master)
meta-security: cb6d1c85ee(master)
Squashed patches:
meta-phosphor: drop systemd 239 patches
meta-phosphor: mrw-api: use correct install path
Change-Id: I268e2646d9174ad305630c6bbd3fbc1a6105f43d
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-graphics/xorg-xserver')
-rw-r--r-- | poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | 2 | ||||
-rw-r--r-- | poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-test-xtest-Initialize-array-with-braces.patch | 36 | ||||
-rw-r--r-- | poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch | 62 | ||||
-rw-r--r-- | poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.4.bb (renamed from poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.1.bb) | 6 |
4 files changed, 41 insertions, 65 deletions
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc index 489a42850..615ad6d9b 100644 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc +++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc @@ -18,6 +18,8 @@ INC_PR = "r8" XORG_PN = "xorg-server" SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.bz2" +CVE_PRODUCT = "xorg-server" + S = "${WORKDIR}/${XORG_PN}-${PV}" inherit autotools pkgconfig diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-test-xtest-Initialize-array-with-braces.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-test-xtest-Initialize-array-with-braces.patch new file mode 100644 index 000000000..c0c242814 --- /dev/null +++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-test-xtest-Initialize-array-with-braces.patch @@ -0,0 +1,36 @@ +From 8a382c015cd3c69fcfc146ef03dcbf30c77ff207 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Fri, 1 Mar 2019 09:47:57 -0800 +Subject: [PATCH] test/xtest: Initialize array with braces + +Fixes an error when extra warnings are enabled, this is caught with clang + +test/xtest.c:64:23: error: suggest braces around initialization of subobject [-Werror,-Wmissing-braces] + WindowRec root = {0}; + ^ + {} +1 error generated. + +Upstream-Status: Pending + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + test/xtest.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/xtest.c b/test/xtest.c +index fc5e433..d7e6620 100644 +--- a/test/xtest.c ++++ b/test/xtest.c +@@ -61,7 +61,7 @@ xtest_init_devices(void) + { + ScreenRec screen = {0}; + ClientRec server_client = {0}; +- WindowRec root = {0}; ++ WindowRec root = {{0}}; + WindowOptRec optional = {0}; + + /* random stuff that needs initialization */ +-- +2.21.0 + diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch deleted file mode 100644 index 7f6235b43..000000000 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch +++ /dev/null @@ -1,62 +0,0 @@ -Incorrect command-line parameter validation in the Xorg X server can lead to -privilege elevation and/or arbitrary files overwrite, when the X server is -running with elevated privileges (ie when Xorg is installed with the setuid bit -set and started by a non-root user). The -modulepath argument can be used to -specify an insecure path to modules that are going to be loaded in the X server, -allowing to execute unprivileged code in the privileged process. The -logfile -argument can be used to overwrite arbitrary files in the file system, due to -incorrect checks in the parsing of the option. - -CVE: CVE-2018-14665 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> - -From 50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb <matthieu@herrb.eu> -Date: Tue, 23 Oct 2018 21:29:08 +0200 -Subject: [PATCH] Disable -logfile and -modulepath when running with elevated - privileges - -Could cause privilege elevation and/or arbitrary files overwrite, when -the X server is running with elevated privileges (ie when Xorg is -installed with the setuid bit set and started by a non-root user). - -CVE-2018-14665 - -Issue reported by Narendra Shinde and Red Hat. - -Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> -Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> -Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> -Reviewed-by: Adam Jackson <ajax@redhat.com> ---- - hw/xfree86/common/xf86Init.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c -index 6c25eda73..0f57efa86 100644 ---- a/hw/xfree86/common/xf86Init.c -+++ b/hw/xfree86/common/xf86Init.c -@@ -935,14 +935,18 @@ ddxProcessArgument(int argc, char **argv, int i) - /* First the options that are not allowed with elevated privileges */ - if (!strcmp(argv[i], "-modulepath")) { - CHECK_FOR_REQUIRED_ARGUMENT(); -- xf86CheckPrivs(argv[i], argv[i + 1]); -+ if (xf86PrivsElevated()) -+ FatalError("\nInvalid argument -modulepath " -+ "with elevated privileges\n"); - xf86ModulePath = argv[i + 1]; - xf86ModPathFrom = X_CMDLINE; - return 2; - } - if (!strcmp(argv[i], "-logfile")) { - CHECK_FOR_REQUIRED_ARGUMENT(); -- xf86CheckPrivs(argv[i], argv[i + 1]); -+ if (xf86PrivsElevated()) -+ FatalError("\nInvalid argument -logfile " -+ "with elevated privileges\n"); - xf86LogFile = argv[i + 1]; - xf86LogFileFrom = X_CMDLINE; - return 2; --- -2.18.1 diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.1.bb b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.4.bb index 9fd2e8d87..ad99d6bec 100644 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.1.bb +++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.4.bb @@ -3,10 +3,10 @@ require xserver-xorg.inc SRC_URI += "file://musl-arm-inb-outb.patch \ file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \ file://pkgconfig.patch \ - file://CVE-2018-14665.patch \ + file://0001-test-xtest-Initialize-array-with-braces.patch \ " -SRC_URI[md5sum] = "e525846d1d0af5732ba835f2e2ec066d" -SRC_URI[sha256sum] = "59c99fe86fe75b8164c6567bfc6e982aecc2e4a51e6fbac1b842d5d00549e918" +SRC_URI[md5sum] = "c4841cc24b79420205d082fe82e0a650" +SRC_URI[sha256sum] = "fe0fd493ebe93bfc56bede382fa204458ff5f636ea54d413a5d1bd58e19166ee" # These extensions are now integrated into the server, so declare the migration # path for in-place upgrades. |