diff options
Diffstat (limited to 'meta-openembedded/meta-oe/recipes-graphics')
3 files changed, 31 insertions, 3 deletions
diff --git a/meta-openembedded/meta-oe/recipes-graphics/vk-gl-cts/khronos-cts.inc b/meta-openembedded/meta-oe/recipes-graphics/vk-gl-cts/khronos-cts.inc index 01f4a572f8..e05e35fe0e 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/vk-gl-cts/khronos-cts.inc +++ b/meta-openembedded/meta-oe/recipes-graphics/vk-gl-cts/khronos-cts.inc @@ -21,7 +21,7 @@ S = "${WORKDIR}/git" inherit pkgconfig cmake features_check python3native qemu -ANY_OF_DISTRO_FEATURES += "opengl wayland" +ANY_OF_DISTRO_FEATURES += "opengl vulkan" DEPENDS += "python3-lxml-native libpng zlib virtual/libgles2 qemu-native" @@ -72,9 +72,9 @@ python __anonymous() { distrofeatures = (d.getVar("DISTRO_FEATURES") or "") if not bb.utils.contains_any("PACKAGECONFIG", ["surfaceless", "wayland", "x11_egl", "x11_glx", "x11_egl_glx"], True, False, d): if "wayland" in distrofeatures: - d.appendVar("DEPENDS", " wayland-native wayland wayland-protocols") + d.appendVar("DEPENDS", " wayland-native ${MLPREFIX}wayland ${MLPREFIX}wayland-protocols") if "x11" in distrofeatures: - d.appendVar("DEPENDS", " virtual/libx11 virtual/egl ") + d.appendVar("DEPENDS", " virtual/${MLPREFIX}libx11 virtual/${MLPREFIX}egl ") } CTSDIR = "/usr/lib/${BPN}" diff --git a/meta-openembedded/meta-oe/recipes-graphics/x11vnc/files/CVE-2020-29074.patch b/meta-openembedded/meta-oe/recipes-graphics/x11vnc/files/CVE-2020-29074.patch new file mode 100644 index 0000000000..fbdb9123cc --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-graphics/x11vnc/files/CVE-2020-29074.patch @@ -0,0 +1,27 @@ +CVE: CVE-2020-29074 +Upstream-Status: Backport [https://github.com/LibVNC/x11vnc/commit/69eeb9f7baa14ca03b16c9de821f9876def7a36a ] +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> + + +From 69eeb9f7baa14ca03b16c9de821f9876def7a36a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Gu=C3=A9nal=20DAVALAN?= <guenal.davalan@uca.fr> +Date: Wed, 18 Nov 2020 08:40:45 +0100 +Subject: [PATCH] scan: limit access to shared memory segments to current user + +--- + src/scan.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/scan.c b/src/scan.c +index 43e00d20..12994d52 100644 +--- a/src/scan.c ++++ b/src/scan.c +@@ -320,7 +320,7 @@ static int shm_create(XShmSegmentInfo *shm, XImage **ximg_ptr, int w, int h, + + #if HAVE_XSHM + shm->shmid = shmget(IPC_PRIVATE, +- xim->bytes_per_line * xim->height, IPC_CREAT | 0777); ++ xim->bytes_per_line * xim->height, IPC_CREAT | 0600); + + if (shm->shmid == -1) { + rfbErr("shmget(%s) failed.\n", name); diff --git a/meta-openembedded/meta-oe/recipes-graphics/x11vnc/x11vnc_0.9.16.bb b/meta-openembedded/meta-oe/recipes-graphics/x11vnc/x11vnc_0.9.16.bb index 5f7c0beb66..be9ef3cbaa 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/x11vnc/x11vnc_0.9.16.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/x11vnc/x11vnc_0.9.16.bb @@ -12,6 +12,7 @@ PV .= "+git${SRCPV}" SRC_URI = "git://github.com/LibVNC/x11vnc;branch=master;protocol=https \ file://starting-fix.patch \ + file://CVE-2020-29074.patch \ " S = "${WORKDIR}/git" |