diff options
Diffstat (limited to 'poky/meta/recipes-graphics/xorg-xserver/xserver-xorg')
7 files changed, 96 insertions, 219 deletions
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-config-fix-NULL-value-detection-for-ID_INPUT-being-u.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-config-fix-NULL-value-detection-for-ID_INPUT-being-u.patch deleted file mode 100644 index 964d5dd4c..000000000 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-config-fix-NULL-value-detection-for-ID_INPUT-being-u.patch +++ /dev/null @@ -1,40 +0,0 @@ -From a309323328d9d6e0bf5d9ea1d75920e53b9beef3 Mon Sep 17 00:00:00 2001 -From: Peter Hutterer <peter.hutterer@who-t.net> -Date: Fri, 5 Jan 2018 11:58:42 +1000 -Subject: [PATCH] config: fix NULL value detection for ID_INPUT being unset - -Erroneous condition caused us to keep going with all devices that didn't have -ID_INPUT set. - -Fixes: 5aad81445c8c3d6 -Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=104382 -Reviewed-by: Adam Jackson <ajax@redhat.com> -Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> - -Upstream-status: Backport -https://patchwork.freedesktop.org/patch/196090/ -Affects: < 1.20.0 -[Yocto # 12899] - -Signed-off-by: Armin Kuster <akuser808@gmail.com> - ---- - config/udev.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/config/udev.c b/config/udev.c -index e198e8609..3a73189e2 100644 ---- a/config/udev.c -+++ b/config/udev.c -@@ -135,7 +135,7 @@ device_added(struct udev_device *udev_device) - #endif - - value = udev_device_get_property_value(udev_device, "ID_INPUT"); -- if (value && !strcmp(value, "0")) { -+ if (!value || !strcmp(value, "0")) { - LogMessageVerb(X_INFO, 10, - "config/udev: ignoring device %s without " - "property ID_INPUT set\n", path); --- -2.17.1 - diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-configure.ac-Fix-check-for-CLOCK_MONOTONIC.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-configure.ac-Fix-check-for-CLOCK_MONOTONIC.patch deleted file mode 100644 index 16ec3edb3..000000000 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-configure.ac-Fix-check-for-CLOCK_MONOTONIC.patch +++ /dev/null @@ -1,61 +0,0 @@ -Discover monotonic clock using compile-time check - -monotonic clock check does not work when cross-compiling. - -Upstream-Status: Denied [Does not work on OpenBSD] -Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> - - - -Original patch follows: - -When xorg-xserver is being cross-compiled, there is currently no way -for us to detect whether the monotonic clock is available on the -target system, because we aren't able to run a test program on the host -system. Currently, in this situation, we default to not use the -monotonic clock. One problem with this situation is that the user will -be treated as idle when the date is updated. - -To fix this situation, we now use a compile-time check to detect whether the -monotonic clock is available. This check can run just fine when we are -cross-compiling. - -Signed-off-by: David James <davidjames at google.com> ---- - configure.ac | 17 +++++++---------- - 1 file changed, 7 insertions(+), 10 deletions(-) - -diff --git a/configure.ac b/configure.ac -index f7ab48c..26e85cd 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1048,19 +1048,16 @@ if ! test "x$have_clock_gettime" = xno; then - CPPFLAGS="$CPPFLAGS -D_POSIX_C_SOURCE=200112L" - fi - -- AC_RUN_IFELSE([AC_LANG_SOURCE([ -+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ - #include <time.h> -- --int main(int argc, char *argv[[]]) { -- struct timespec tp; -- -- if (clock_gettime(CLOCK_MONOTONIC, &tp) == 0) -+#include <unistd.h> -+int main() { -+#if !(defined(_POSIX_MONOTONIC_CLOCK) && _POSIX_MONOTONIC_CLOCK >= 0 && defined(CLOCK_MONOTONIC)) -+ #error No monotonic clock -+#endif - return 0; -- else -- return 1; - } -- ])], [MONOTONIC_CLOCK=yes], [MONOTONIC_CLOCK=no], -- [MONOTONIC_CLOCK="cross compiling"]) -+]])],[MONOTONIC_CLOCK=yes], [MONOTONIC_CLOCK=no]) - - LIBS="$LIBS_SAVE" - CPPFLAGS="$CPPFLAGS_SAVE" --- -2.1.4 - diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0003-Remove-check-for-useSIGIO-option.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0003-Remove-check-for-useSIGIO-option.patch deleted file mode 100644 index beed6cb4a..000000000 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0003-Remove-check-for-useSIGIO-option.patch +++ /dev/null @@ -1,47 +0,0 @@ -From cf407b16cd65ad6e26a9c8e5984e163409a5c0f7 Mon Sep 17 00:00:00 2001 -From: Prabhu Sundararaj <prabhu.sundararaj@nxp.com> -Date: Mon, 30 Jan 2017 16:32:06 -0600 -Subject: [PATCH] Remove check for useSIGIO option - -Commit 6a5a4e60373c1386b311b2a8bb666c32d68a9d99 removes the configure of useSIGIO -option. - -As the xfree86 SIGIO support is reworked to use internal versions of OsBlockSIGIO -and OsReleaseSIGIO. - -No longer the check for useSIGIO is needed - -Upstream-Status: Pending - -Signed-off-by: Prabhu Sundararaj <prabhu.sundararaj@nxp.com> ---- - hw/xfree86/os-support/shared/sigio.c | 6 ------ - 1 file changed, 6 deletions(-) - -diff --git a/hw/xfree86/os-support/shared/sigio.c b/hw/xfree86/os-support/shared/sigio.c -index 884a71c..be76498 100644 ---- a/hw/xfree86/os-support/shared/sigio.c -+++ b/hw/xfree86/os-support/shared/sigio.c -@@ -185,9 +185,6 @@ xf86InstallSIGIOHandler(int fd, void (*f) (int, void *), void *closure) - int i; - int installed = FALSE; - -- if (!xf86Info.useSIGIO) -- return 0; -- - for (i = 0; i < MAX_FUNCS; i++) { - if (!xf86SigIOFuncs[i].f) { - if (xf86IsPipe(fd)) -@@ -256,9 +253,6 @@ xf86RemoveSIGIOHandler(int fd) - int max; - int ret; - -- if (!xf86Info.useSIGIO) -- return 0; -- - max = 0; - ret = 0; - for (i = 0; i < MAX_FUNCS; i++) { --- -2.7.4 - diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0003-modesetting-Fix-16-bit-depth-bpp-mode.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0003-modesetting-Fix-16-bit-depth-bpp-mode.patch deleted file mode 100644 index 5243761f1..000000000 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0003-modesetting-Fix-16-bit-depth-bpp-mode.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 5028ef46ff4ab0930224b71024a7349b05610d42 Mon Sep 17 00:00:00 2001 -From: Stefan Agner <stefan@agner.ch> -Date: Thu, 22 Dec 2016 15:41:06 +0100 -Subject: [PATCH] modesetting: Fix 16 bit depth/bpp mode - -When setting DefaultDepth to 16 in the Screen section, the current -code requests a 32 bpp framebuffer, however the X-Server seems to -assumes 16 bpp. - -Fixes commit 21217d02168d ("modesetting: Implement 32->24 bpp -conversion in shadow update") - -Signed-off-by: Stefan Agner <stefan@agner.ch> - -Upstream-Status: Submitted [1] - -[1] https://lists.x.org/archives/xorg-devel/2016-December/052113.html ---- - hw/xfree86/drivers/modesetting/driver.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/hw/xfree86/drivers/modesetting/driver.c b/hw/xfree86/drivers/modesetting/driver.c -index d7030e5..647ad83 100644 ---- a/hw/xfree86/drivers/modesetting/driver.c -+++ b/hw/xfree86/drivers/modesetting/driver.c -@@ -930,7 +930,7 @@ PreInit(ScrnInfoPtr pScrn, int flags) - "Using 24bpp hw front buffer with 32bpp shadow\n"); - defaultbpp = 32; - } else { -- ms->drmmode.kbpp = defaultbpp; -+ ms->drmmode.kbpp = 0; - } - bppflags = PreferConvert24to32 | SupportConvert24to32 | Support32bppFb; - -@@ -950,6 +950,8 @@ PreInit(ScrnInfoPtr pScrn, int flags) - return FALSE; - } - xf86PrintDepthBpp(pScrn); -+ if (!ms->drmmode.kbpp) -+ ms->drmmode.kbpp = pScrn->bitsPerPixel; - - /* Process the options */ - xf86CollectOptions(pScrn, NULL); --- -2.7.4 - diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch new file mode 100644 index 000000000..7f6235b43 --- /dev/null +++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch @@ -0,0 +1,62 @@ +Incorrect command-line parameter validation in the Xorg X server can lead to +privilege elevation and/or arbitrary files overwrite, when the X server is +running with elevated privileges (ie when Xorg is installed with the setuid bit +set and started by a non-root user). The -modulepath argument can be used to +specify an insecure path to modules that are going to be loaded in the X server, +allowing to execute unprivileged code in the privileged process. The -logfile +argument can be used to overwrite arbitrary files in the file system, due to +incorrect checks in the parsing of the option. + +CVE: CVE-2018-14665 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@intel.com> + +From 50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e Mon Sep 17 00:00:00 2001 +From: Matthieu Herrb <matthieu@herrb.eu> +Date: Tue, 23 Oct 2018 21:29:08 +0200 +Subject: [PATCH] Disable -logfile and -modulepath when running with elevated + privileges + +Could cause privilege elevation and/or arbitrary files overwrite, when +the X server is running with elevated privileges (ie when Xorg is +installed with the setuid bit set and started by a non-root user). + +CVE-2018-14665 + +Issue reported by Narendra Shinde and Red Hat. + +Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> +Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> +Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> +Reviewed-by: Adam Jackson <ajax@redhat.com> +--- + hw/xfree86/common/xf86Init.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c +index 6c25eda73..0f57efa86 100644 +--- a/hw/xfree86/common/xf86Init.c ++++ b/hw/xfree86/common/xf86Init.c +@@ -935,14 +935,18 @@ ddxProcessArgument(int argc, char **argv, int i) + /* First the options that are not allowed with elevated privileges */ + if (!strcmp(argv[i], "-modulepath")) { + CHECK_FOR_REQUIRED_ARGUMENT(); +- xf86CheckPrivs(argv[i], argv[i + 1]); ++ if (xf86PrivsElevated()) ++ FatalError("\nInvalid argument -modulepath " ++ "with elevated privileges\n"); + xf86ModulePath = argv[i + 1]; + xf86ModPathFrom = X_CMDLINE; + return 2; + } + if (!strcmp(argv[i], "-logfile")) { + CHECK_FOR_REQUIRED_ARGUMENT(); +- xf86CheckPrivs(argv[i], argv[i + 1]); ++ if (xf86PrivsElevated()) ++ FatalError("\nInvalid argument -logfile " ++ "with elevated privileges\n"); + xf86LogFile = argv[i + 1]; + xf86LogFileFrom = X_CMDLINE; + return 2; +-- +2.18.1 diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/macro_tweak.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/macro_tweak.patch deleted file mode 100644 index c36e4e730..000000000 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/macro_tweak.patch +++ /dev/null @@ -1,25 +0,0 @@ -This is the revised version of files/macro_tweak.patch for -xorg-server 1.8.99.904 and newer. - -Upstream-Status: Pending - -Signed-off-by: Yu Ke <ke.yu@intel.com> - -Index: xorg-server-1.19.6/xorg-server.m4 -=================================================================== ---- xorg-server-1.19.6.orig/xorg-server.m4 -+++ xorg-server-1.19.6/xorg-server.m4 -@@ -28,10 +28,12 @@ dnl - # Checks for the MACRO define in xorg-server.h (from the sdk). If it - # is defined, then add the given PROTO to $REQUIRED_MODULES. - -+m4_pattern_allow(PKG_CONFIG_SYSROOT_DIR) -+ - AC_DEFUN([XORG_DRIVER_CHECK_EXT],[ - AC_REQUIRE([PKG_PROG_PKG_CONFIG]) - SAVE_CFLAGS="$CFLAGS" -- CFLAGS="$CFLAGS -I`$PKG_CONFIG --variable=sdkdir xorg-server`" -+ CFLAGS="$CFLAGS -I$PKG_CONFIG_SYSROOT_DIR`$PKG_CONFIG --variable=sdkdir xorg-server`" - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ - #include "xorg-server.h" - #if !defined $1 diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/pkgconfig.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/pkgconfig.patch new file mode 100644 index 000000000..2ef9fa9fe --- /dev/null +++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/pkgconfig.patch @@ -0,0 +1,34 @@ +Upstream-Status: Submitted [https://gitlab.freedesktop.org/xorg/xserver/merge_requests/22] +Signed-off-by: Ross Burton <ross.burton@intel.com> + +From 5f65a6246fe752764045dd1e38912f1dccec71e4 Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@intel.com> +Date: Thu, 20 Sep 2018 20:12:24 +0100 +Subject: [PATCH] xorg-server.m4: just all cflags instead of just sdkdir + +Instead of fetching just the sdkdir variable of xorg-server using pkg-config, +simply get all of the CFLAGS. Aside from completeness, this helps builds in +sysroots as pkg-config knows what to do with --cflags but doesn't remap +arbitrary variables. + +Signed-off-by: Ross Burton <ross.burton@intel.com> +--- + xorg-server.m4 | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/xorg-server.m4 b/xorg-server.m4 +index 18255b91a..195bda5d8 100644 +--- a/xorg-server.m4 ++++ b/xorg-server.m4 +@@ -31,7 +31,7 @@ dnl + AC_DEFUN([XORG_DRIVER_CHECK_EXT],[ + AC_REQUIRE([PKG_PROG_PKG_CONFIG]) + SAVE_CFLAGS="$CFLAGS" +- CFLAGS="$CFLAGS -I`$PKG_CONFIG --variable=sdkdir xorg-server`" ++ CFLAGS="$CFLAGS `$PKG_CONFIG --cflags xorg-server`" + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ + #include "xorg-server.h" + #if !defined $1 +-- +2.11.0 + |