Message ID | 20221108085109.3851-1-ezhilarasanx.s@intel.com |
---|---|
State | New |
Headers | show |
Series | pixman: backport fix for CVE-2022-44638 | expand |
Hi Ravula Thank you very much for the patch! On 11/8/22 09:51, Ezhilarasan wrote: > Reference to upstream patch: > https://gitlab.freedesktop.org/pixman/pixman/-/commit/a1f88e842e0216a5b4df1ab023caebe33c101395 > > Signed-off-by: Ravula AdhityaX Siddartha <adhityax.siddartha.ravula@intel.com> However, if I apply your patch through "git am", the author of the commit will be: Ezhilarasan <ezhilarasanx.s@intel.com> instead of Ravula AdhityaX Siddartha <adhityax.siddartha.ravula@intel.com> Because of this issue, the maintainer has to manually fix this field when accepting your patch. Worse, if he doesn't catch this, that's harder to fix afterwards. You should be able to fix this by running: git config --global sendemail.from "ezhilarasanx.s@intel.com" This should add a "From" field to the sent patch which "git am" should be able to match with your name. At least this worked for me. See https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded#Sending_using_git-send-email Could you try to send an update (don't hesitate to send a private one to me first)? Thanks in advance Michael.
diff --git a/meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch b/meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch new file mode 100644 index 0000000000..ab5acaf2ee --- /dev/null +++ b/meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch @@ -0,0 +1,37 @@ +From a1f88e842e0216a5b4df1ab023caebe33c101395 Mon Sep 17 00:00:00 2001 +From: Matt Turner <mattst88@gmail.com> +Date: Wed, 2 Nov 2022 12:07:32 -0400 +Subject: [PATCH] Avoid integer overflow leading to out-of-bounds write + +Upstream-Status: Backport +CVE: CVE-2022-44638 + +Reference to upstream patch: +https://gitlab.freedesktop.org/pixman/pixman/-/commit/a1f88e842e0216a5b4df1ab023caebe33c101395 + +Signed-off-by: Ravula AdhityaX Siddartha <adhityax.siddartha.ravula@intel.com> + +Thanks to Maddie Stone and Google's Project Zero for discovering this +issue, providing a proof-of-concept, and a great analysis. + +Closes: https://gitlab.freedesktop.org/pixman/pixman/-/issues/63 +--- + pixman/pixman-trap.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/pixman/pixman-trap.c b/pixman/pixman-trap.c +index 91766fd..7560405 100644 +--- a/pixman/pixman-trap.c ++++ b/pixman/pixman-trap.c +@@ -74,7 +74,7 @@ pixman_sample_floor_y (pixman_fixed_t y, + + if (f < Y_FRAC_FIRST (n)) + { +- if (pixman_fixed_to_int (i) == 0x8000) ++ if (pixman_fixed_to_int (i) == 0xffff8000) + { + f = 0; /* saturate */ + } +-- +GitLab + diff --git a/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb b/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb index ccfe277746..c56733eefd 100644 --- a/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb +++ b/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb @@ -9,6 +9,7 @@ DEPENDS = "zlib" SRC_URI = "https://www.cairographics.org/releases/${BP}.tar.gz \ file://0001-ARM-qemu-related-workarounds-in-cpu-features-detecti.patch \ + file://CVE-2022-44638.patch \ " SRC_URI[md5sum] = "73858c0862dd9896fb5f62ae267084a4" SRC_URI[sha256sum] = "6d200dec3740d9ec4ec8d1180e25779c00bc749f94278c8b9021f5534db223fc"
Reference to upstream patch: https://gitlab.freedesktop.org/pixman/pixman/-/commit/a1f88e842e0216a5b4df1ab023caebe33c101395 Signed-off-by: Ravula AdhityaX Siddartha <adhityax.siddartha.ravula@intel.com> --- .../xorg-lib/pixman/CVE-2022-44638.patch | 37 +++++++++++++++++++ .../xorg-lib/pixman_0.40.0.bb | 1 + 2 files changed, 38 insertions(+) create mode 100644 meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch