Patch [1] linked in NVD report fixes issue in cache code introduced only
in v6.0.0 (as can be seen in tags containind that commit).
[1] 1265ff8d99
[2] 7a004a7ac2
(From OE-Core rev: 1d7c87fa2e499927cb6a26e4b2ad99e6127b6e33)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
A flaw was found in the RandR extension, where the RRChangeProviderProperty function
does not properly validate input. This issue leads to an integer overflow when
computing the total size to allocate.
(From OE-Core rev: 78055e8b6a9ea5063658886c5b5d22821d689fc5)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore'
in a client's request can cause the server to skip processing another client's
request, potentially leading to a denial of service.
(From OE-Core rev: 589bf97e1aa236477d895c227446966d0a278f3c)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore'
in a client's request can cause the server to skip processing another client's
request, potentially leading to a denial of service.
(From OE-Core rev: 9ab0fb0deebd4abb22dbfc6b40fe962cb3388fbd)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler
does not validate the request length, allowing a client to read unintended memory
from previous requests
(From OE-Core rev: 89dde7f86e1c2e61ed71ecf92e908dbe402a2668)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A flaw was found in the Big Requests extension. The request length is multiplied
by 4 before checking against the maximum allowed size, potentially causing an
integer overflow and bypassing the size check.
(From OE-Core rev: 17033023d679a597e31964b0fed2b2e89cdf61ec)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A flaw was found in the X Rendering extension's handling of animated cursors.
If a client provides no cursors, the server assumes at least one is present,
leading to an out-of-bounds read and potential crash.
(From OE-Core rev: 2c8e82f860792e7fb99c78c512be57ce74774a34)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
In X.Org X server 20.11 through 21.1.16, when a client application
uses easystroke for mouse gestures, the main thread modifies various
data structures used by the input thread without acquiring a lock,
aka a race condition. In particular, AttachDevice in dix/devices.c
does not acquire an input lock.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-49737
Upstream patch:
dc7cb45482
(From OE-Core rev: 740ea9019cf5cf309c5a4ef380eac17d21078ac8)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
In X.Org X server 20.11 through 21.1.16, when a client application
uses easystroke for mouse gestures, the main thread modifies various
data structures used by the input thread without acquiring a lock,
aka a race condition. In particular, AttachDevice in dix/devices.c
does not acquire an input lock.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-49737
Upstream patch:
dc7cb45482
(From OE-Core rev: c6a8ad45174a416c4129deb210eab9b7721ce01d)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Building weston with core-image-weston SDK fails:
```
../libweston/renderer-gl/gl-shader-config-color-transformation.c:29:10: fatal error: GLES3/gl3.h: No such file or directory
29 | #include <GLES3/gl3.h>
| ^~~~~~~~~~~~~
```
Both GLES2 and GLES3 implementations are contained in libGLESv2.so.2,
which is packaged in libgles2-mesa. However, the headers are split
between libgles2-mesa-dev and libgles3-mesa-dev, which is why the
GLES3 headers end up missing in the SDK sysroot.
Add a dependency so the GLES3 headers are properly associated with
the GLES3 implementation.
(From OE-Core rev: 7e1308ec413e69a8427ac5998431005d9e4b8033)
(From OE-Core rev: 0d9f2fcc2058407eb138297d9f8f12595851b963)
Signed-off-by: Tom Hochstein <tom.hochstein@oss.nxp.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Johannes Kauffmann <johanneskauffmann@hotmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Patch copied from xserver-xorg recipe.
CVE reported for both and patch apply on both.
Upstream-Commit: ba1d14f8ef
(From OE-Core rev: 2158a34839068b878344d214d3fc9feeb17e504a)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Patch copied from xserver-xorg recipe.
CVE reported for both and patch apply on both.
Upstream-Commit: 3e77295f88
(From OE-Core rev: 3575ad718c8ea7d808247842df19982f00725187)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Patch copied from xserver-xorg recipe.
CVE reported for both and patch apply on both.
Upstream-Commit: 96798fc196
(From OE-Core rev: 4e41b1c8cccd3b2f359ee949cad402b9418f5983)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The patches are copied from xserver-xorg recipe.
CVE reported for both and patches apply on both.
Upstream-Commit:
bc1fdbe465
& 26769aa71f
(From OE-Core rev: 77487fb0756951e29628f41ff00db12a5f9d7c27)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Patch copied from xserver-xorg recipe.
CVE reported for both and patch apply on both.
Upstream-Commit: 4a5e9b1895
(From OE-Core rev: 4b0f6aaa994eeab5d18211ace8034ec8b92b7419)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Update SRC_URI to fix the following error:
WARNING: virglrenderer-native-0.9.1-r0 do_fetch: Failed to fetch URL
git://anongit.freedesktop.org/git/virglrenderer;branch=branch-0.9.1,
attempting MIRRORS if available
(From OE-Core rev: 72450859dd5ee5395b64917516f185a2eed52775)
Signed-off-by: Libo Chen <libo.chen.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The patches are copied from xserver-xorg recipe.
The CVES are reported for both and patched apply on both.
(From OE-Core rev: cdcb9957a6fe1629dc3230fcdfd09322877d4038)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A flaw was found in the X.org server. Due to improperly
tracked allocation size in _XkbSetCompatMap, a local
attacker may be able to trigger a buffer overflow condition
via a specially crafted payload, leading to denial of service
or local privilege escalation in distributions where the
X.org server is run with root privileges.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-9632
Upstream patch:
ba1d14f8ef
(From OE-Core rev: 95027410dba7a2a7e9b93f76279272f22445399b)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
