diff options
author | takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-11-02 11:07:33 +0900 |
---|---|---|
committer | takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-11-02 11:07:33 +0900 |
commit | 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf (patch) | |
tree | cd70a267a5ef105ba32f200aa088e281fbd85747 /external/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg | |
parent | 4204309872da5cb401cbb2729d9e2d4869a87f42 (diff) |
basesystem-jjsandbox/ToshikazuOhiwa/master-jj
recipes
Diffstat (limited to 'external/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg')
5 files changed, 109 insertions, 80 deletions
diff --git a/external/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-drmmode_display.c-add-missing-mi.h-include.patch b/external/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-drmmode_display.c-add-missing-mi.h-include.patch new file mode 100644 index 00000000..4b8e43f1 --- /dev/null +++ b/external/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-drmmode_display.c-add-missing-mi.h-include.patch @@ -0,0 +1,23 @@ +From 84338444179cab7ede1252a11b66e3b8f657e6a4 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex.kanavin@gmail.com> +Date: Fri, 7 Feb 2020 20:36:45 +0100 +Subject: [PATCH] drmmode_display.c: add missing mi.h include + +Upstream-Status: Pending +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> +--- + hw/xfree86/drivers/modesetting/drmmode_display.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/hw/xfree86/drivers/modesetting/drmmode_display.c b/hw/xfree86/drivers/modesetting/drmmode_display.c +index e18cc37..3445cce 100644 +--- a/hw/xfree86/drivers/modesetting/drmmode_display.c ++++ b/hw/xfree86/drivers/modesetting/drmmode_display.c +@@ -46,6 +46,7 @@ + #include "xf86Crtc.h" + #include "drmmode_display.h" + #include "present.h" ++#include "mi.h" + + #include <cursorstr.h> + diff --git a/external/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-test-xtest-Initialize-array-with-braces.patch b/external/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-test-xtest-Initialize-array-with-braces.patch new file mode 100644 index 00000000..c0c24281 --- /dev/null +++ b/external/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-test-xtest-Initialize-array-with-braces.patch @@ -0,0 +1,36 @@ +From 8a382c015cd3c69fcfc146ef03dcbf30c77ff207 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Fri, 1 Mar 2019 09:47:57 -0800 +Subject: [PATCH] test/xtest: Initialize array with braces + +Fixes an error when extra warnings are enabled, this is caught with clang + +test/xtest.c:64:23: error: suggest braces around initialization of subobject [-Werror,-Wmissing-braces] + WindowRec root = {0}; + ^ + {} +1 error generated. + +Upstream-Status: Pending + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + test/xtest.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/xtest.c b/test/xtest.c +index fc5e433..d7e6620 100644 +--- a/test/xtest.c ++++ b/test/xtest.c +@@ -61,7 +61,7 @@ xtest_init_devices(void) + { + ScreenRec screen = {0}; + ClientRec server_client = {0}; +- WindowRec root = {0}; ++ WindowRec root = {{0}}; + WindowOptRec optional = {0}; + + /* random stuff that needs initialization */ +-- +2.21.0 + diff --git a/external/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch b/external/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch deleted file mode 100644 index 7f6235b4..00000000 --- a/external/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch +++ /dev/null @@ -1,62 +0,0 @@ -Incorrect command-line parameter validation in the Xorg X server can lead to -privilege elevation and/or arbitrary files overwrite, when the X server is -running with elevated privileges (ie when Xorg is installed with the setuid bit -set and started by a non-root user). The -modulepath argument can be used to -specify an insecure path to modules that are going to be loaded in the X server, -allowing to execute unprivileged code in the privileged process. The -logfile -argument can be used to overwrite arbitrary files in the file system, due to -incorrect checks in the parsing of the option. - -CVE: CVE-2018-14665 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> - -From 50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb <matthieu@herrb.eu> -Date: Tue, 23 Oct 2018 21:29:08 +0200 -Subject: [PATCH] Disable -logfile and -modulepath when running with elevated - privileges - -Could cause privilege elevation and/or arbitrary files overwrite, when -the X server is running with elevated privileges (ie when Xorg is -installed with the setuid bit set and started by a non-root user). - -CVE-2018-14665 - -Issue reported by Narendra Shinde and Red Hat. - -Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> -Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> -Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> -Reviewed-by: Adam Jackson <ajax@redhat.com> ---- - hw/xfree86/common/xf86Init.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c -index 6c25eda73..0f57efa86 100644 ---- a/hw/xfree86/common/xf86Init.c -+++ b/hw/xfree86/common/xf86Init.c -@@ -935,14 +935,18 @@ ddxProcessArgument(int argc, char **argv, int i) - /* First the options that are not allowed with elevated privileges */ - if (!strcmp(argv[i], "-modulepath")) { - CHECK_FOR_REQUIRED_ARGUMENT(); -- xf86CheckPrivs(argv[i], argv[i + 1]); -+ if (xf86PrivsElevated()) -+ FatalError("\nInvalid argument -modulepath " -+ "with elevated privileges\n"); - xf86ModulePath = argv[i + 1]; - xf86ModPathFrom = X_CMDLINE; - return 2; - } - if (!strcmp(argv[i], "-logfile")) { - CHECK_FOR_REQUIRED_ARGUMENT(); -- xf86CheckPrivs(argv[i], argv[i + 1]); -+ if (xf86PrivsElevated()) -+ FatalError("\nInvalid argument -logfile " -+ "with elevated privileges\n"); - xf86LogFile = argv[i + 1]; - xf86LogFileFrom = X_CMDLINE; - return 2; --- -2.18.1 diff --git a/external/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/musl-arm-inb-outb.patch b/external/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/musl-arm-inb-outb.patch deleted file mode 100644 index 4be441fb..00000000 --- a/external/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/musl-arm-inb-outb.patch +++ /dev/null @@ -1,18 +0,0 @@ -inb/outb family for arm is only implemented on glibc -so assumption across linux is wrong - -Signed-off-by: Khem Raj <raj.khem@gmail.com> -Upstream-Status: Pending -Index: xorg-server-1.18.0/hw/xfree86/common/compiler.h -=================================================================== ---- xorg-server-1.18.0.orig/hw/xfree86/common/compiler.h -+++ xorg-server-1.18.0/hw/xfree86/common/compiler.h -@@ -758,7 +758,7 @@ inl(unsigned short port) - return xf86ReadMmio32Le((void *) ioBase, port); - } - --#elif defined(__arm__) && defined(__linux__) -+#elif defined(__arm__) && defined(__GLIBC__) - - /* for Linux on ARM, we use the LIBC inx/outx routines */ - /* note that the appropriate setup via "ioperm" needs to be done */ diff --git a/external/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/sdksyms-no-build-path.patch b/external/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/sdksyms-no-build-path.patch new file mode 100644 index 00000000..be198ece --- /dev/null +++ b/external/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/sdksyms-no-build-path.patch @@ -0,0 +1,50 @@ +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/merge_requests/253] +Signed-off-by: Ross Burton <ross.burton@intel.com> + +From ca832598d38ba55a001088b57d73c6d7261dc9a7 Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@intel.com> +Date: Thu, 1 Aug 2019 15:24:51 +0100 +Subject: [PATCH] sdksyms.sh: don't embed the build path + +This script generates a header that has a comment containing the build path for +no real reason. As this source can end up deployed on targets in debug packages +this means there is both potentially sensitive information leakage about the +build environment, and a source of change for reproducible builds. +--- + hw/xfree86/sdksyms.sh | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/hw/xfree86/sdksyms.sh b/hw/xfree86/sdksyms.sh +index 39e33711d..bdf47a71a 100755 +--- a/hw/xfree86/sdksyms.sh ++++ b/hw/xfree86/sdksyms.sh +@@ -302,13 +302,16 @@ LC_ALL=C + export LC_ALL + ${CPP:-cpp} "$@" sdksyms.c > /dev/null || exit $? + ${CPP:-cpp} "$@" sdksyms.c | ${AWK:-awk} -v topdir=$topdir ' ++function basename(file) { ++ sub(".*/", "", file) ++ return file ++} + BEGIN { + sdk = 0; + print("/*"); + print(" * These symbols are referenced to ensure they"); + print(" * will be available in the X Server binary."); + print(" */"); +- printf("/* topdir=%s */\n", topdir); + print("_X_HIDDEN void *xorg_symbols[] = {"); + + printf("sdksyms.c:") > "sdksyms.dep"; +@@ -337,7 +340,7 @@ BEGIN { + # remove quotes + gsub(/"/, "", $3); + line = $2; +- header = $3; ++ header = basename($3); + if (! headers[$3]) { + printf(" \\\n %s", $3) >> "sdksyms.dep"; + headers[$3] = 1; +-- +2.20.1 + |