A flaw was identified in the X.Org X server's X Keyboard
(Xkb) extension where improper bounds checking in the XkbSetCompatMap()
function can cause an unsigned short overflow. If an attacker sends
specially crafted input data, the value calculation may overflow,
leading to memory corruption or a crash.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-62231
Upstream patch:
3baad99f9c
(From OE-Core rev: 97326be553f3fec8fbda63a8b38d18f656425b2c)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A flaw was discovered in the X.Org X server's X Keyboard
(Xkb) extension when handling client resource cleanup. The software
frees certain data structures without properly detaching related
resources, leading to a use-after-free condition. This can cause
memory corruption or a crash when affected clients disconnect.
Reference:
3baad99f9c
Upstream patches:
865089ca7087fe255393
(From OE-Core rev: 5d98bca7ca76964a6bf7efb7cf8331b9f518ad00)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A flaw was found in the X.Org X server and Xwayland when processing
X11 Present extension notifications. Improper error handling during
notification creation can leave dangling pointers that lead to a
use-after-free condition. This can cause memory corruption or a crash,
potentially allowing an attacker to execute arbitrary code or cause a
denial of service.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-62229
Upstream patch:
5a4286b13f
(From OE-Core rev: 3d606cc94e5ce42b836878578fa271a72bc76015)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A flaw was found in the RandR extension, where the RRChangeProviderProperty function
does not properly validate input. This issue leads to an integer overflow when
computing the total size to allocate.
(From OE-Core rev: 15881f41f8c00c5f0a68628c2d49ca1aa1999c2e)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients
function does not check for an integer overflow when computing request length,
which allows a client to bypass length checks.
(From OE-Core rev: de28bff9b54b2725d8c06c4760e0ed2b59d3fa61)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore'
in a client's request can cause the server to skip processing another client's
request, potentially leading to a denial of service.
(From OE-Core rev: 4c6df8320497c2ebf09902a62b6a3f3b061be917)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler
does not validate the request length, allowing a client to read unintended memory
from previous requests.
(From OE-Core rev: 0b2afd59ce8c35083c1cb3596a2f7d4eaa7bd1c8)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A flaw was found in the Big Requests extension. The request length is multiplied
by 4 before checking against the maximum allowed size, potentially causing an
integer overflow and bypassing the size check.
(From OE-Core rev: 0a2c5179e1f08ccd0fcaccb6f95c892ebafac8a8)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
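Added example, not part of the commit above and not X server code: a minimal C model of the check order described in the Big Requests entry, showing the multiply-then-compare pattern beside a compare-then-multiply form. The RandR and Record entries above describe the same kind of integer overflow in a size computation. The function names, the 32-bit length type and the MAX_REQUEST_BYTES limit are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical limit for this sketch: largest request accepted, in bytes. */
#define MAX_REQUEST_BYTES (16u * 1024u * 1024u)

/* Flawed pattern: convert the client-supplied length (counted in 4-byte
 * units) to bytes first, then compare. The multiplication is done in
 * 32 bits, so large values wrap and the result looks small. */
static bool accept_unchecked(uint32_t length_words, uint32_t *bytes_out)
{
    uint32_t bytes = length_words * 4u;   /* may wrap modulo 2^32 */
    if (bytes > MAX_REQUEST_BYTES)
        return false;
    *bytes_out = bytes;
    return true;
}

/* Hardened pattern: compare in the unit the client supplied, so the
 * multiplication only happens once the value is known to be in range. */
static bool accept_checked(uint32_t length_words, uint32_t *bytes_out)
{
    if (length_words > MAX_REQUEST_BYTES / 4u)
        return false;
    *bytes_out = length_words * 4u;       /* cannot wrap here */
    return true;
}

int main(void)
{
    /* Constructed sample lengths: ordinary, exactly at the limit, wrapping. */
    const uint32_t samples[] = { 16u, MAX_REQUEST_BYTES / 4u, 0x40000001u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t a = 0, b = 0;
        bool ua = accept_unchecked(samples[i], &a);
        bool ub = accept_checked(samples[i], &b);
        printf("words=0x%08x unchecked=%s (%u bytes) checked=%s (%u bytes)\n",
               (unsigned)samples[i], ua ? "accept" : "reject", (unsigned)a,
               ub ? "accept" : "reject", (unsigned)b);
    }
    return 0;
}
```
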
A flaw was found in the X Rendering extension's handling of animated cursors.
If a client provides no cursors, the server assumes at least one is present,
leading to an out-of-bounds read and potential crash.
(From OE-Core rev: fec7644b70452794fabfb7d967e2124918215440)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
"""
This release contains the 3 security fixes that actually apply to
Xwayland reported in today's security advisory:
* CVE-2024-31080
* CVE-2024-31081
* CVE-2024-31083
Additionally, it also contains a couple of other fixes, a copy/paste
error in the DeviceStateNotify event and a fix to enable buttons with
pointer gestures for backward compatibility with legacy X11 clients.
"""
https://lists.x.org/archives/xorg/2024-April/061614.html
(From OE-Core rev: c89fea4ffb101e3d7079e126721b95fdf199b4aa)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
e4487cae1 Bump version to 23.2.2
1e8478455 Xi/randr: fix handling of PropModeAppend/Prepend (CVE-2023-5367)
829a99117 Switch to libbsd-overlay
4f8a851b6 xwayland: Cancel the EI disconnect timer when freed
cc79b2a83 glamor: xv: Fix invalid accessing of plane attributes for NV12
07c18c90e xwayland: Give up on EI on setup failure
10353a01a xwayland: Add an option to enable EI portal support
4f8e209d2 xwayland/glamor/gbm: Set GBM_BO_USE_LINEAR if only LINEAR modifier is supported
c9a842e60 xwayland/present: Handle NULL window_priv in xwl_present_cleanup
2bd43be92 glamor: fixes GL_INVALID_ENUM errors on ES if there is no quads
(From OE-Core rev: 7d0fc94d09db76d4c4d6ca9d2da1b30768f68c9e)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* The build error happens already at configure time:
| meson.build: ERROR: Problem encountered: DRI3 requested, but xshmfence not found
(From OE-Core rev: 451fe4a067432b432b9cd38d2fc78072f6ce5421)
Signed-off-by: Carlos Alberto Lopez Perez <clopez@igalia.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
An automated conversion using scripts/contrib/convert-spdx-licenses.py to
convert to use the standard SPDX license identifiers. Two recipes in meta-selftest
were not converted as they're that way specifically for testing. A change in
linux-firmware was also skipped and may need a more manual tweak.
(From OE-Core rev: ceda3238cdbf1beb216ae9ddb242470d5dfc25e0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Trying to run an xterm fails with the error:
xterm: Xt error: Can't open display: :0
Checking systemctl status weston shows an error:
Jan 19 21:24:16 imx8mq-evk weston[396]: sh: line 1: /usr/bin/xkbcomp: No such file or directory
Adding xkbcomp to the rootfs fixes these errors. Checking the history
one finds that the runtime dependency for the old xserver was
removed because it wasn't in the correct location [1], then restored
because it was still needed [2].
[1] bdcc5e8f12
[2] f2330ebc30
(From OE-Core rev: 535e6df5b5e53dd95438985dcff554cd17302837)
Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Various recipes were missing a pkgconfig inherit or pkgconfig-native
dependency despite using pkgconfig.
Add the inherit to igt-gpu-tools/gdb/libmodulemd/libwpe/xwayland/waffle
shaderc/iputils/wpebackend-fdo/lttng-ust/cargo.
(From OE-Core rev: 777d9744570c2dc119dc5d04985896bbb1da5885)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
(From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Copy the packageconfig options from the xserver-xorg recipe to
allow configuring for non mesa opengl backends.
Keep the defaults as set in the xserver-xorg recipe.
The following options no longer exist and are dropped:
udev dga dri dri2 xshmfence xmlto systemd-logind systemd xwayland
(From OE-Core rev: fce9c89c33ba6c6540fc92b729e0b7b34a6d7a3b)
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* it depends on libepoxy which has this restriction
* fixes:
ERROR: Nothing PROVIDES 'libepoxy' (but openembedded-core/meta/recipes-graphics/xwayland/xwayland_21.1.1.bb DEPENDS on or otherwise requires it)
libepoxy was skipped: missing required distro feature 'opengl' (not in DISTRO_FEATURES)
ERROR: Nothing RPROVIDES 'xwayland' (but openembedded-core/meta/recipes-graphics/xwayland/xwayland_21.1.1.bb RDEPENDS on or otherwise requires it)
No eligible RPROVIDERs exist for 'xwayland'
NOTE: Runtime target 'xwayland' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['xwayland']
ERROR: Nothing RPROVIDES 'xwayland-dev' (but openembedded-core/meta/recipes-graphics/xwayland/xwayland_21.1.1.bb RDEPENDS on or otherwise requires it)
No eligible RPROVIDERs exist for 'xwayland-dev'
NOTE: Runtime target 'xwayland-dev' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['xwayland-dev']
(From OE-Core rev: d5455a8f636599d6be8c36ea1578274148d558df)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>