[4/5] xserver-xorg: add PACKAGECONFIG for xvfb

Message ID	20240122140406.3837333-4-ross.burton@arm.com
State	Accepted, archived
Commit	5d47474f6eb6b4441154c7de7261f8e0ab47333d
Headers	show Return-Path: <ross.burton@arm.com> ip: 217.140.110.172, mailfrom: ross.burton@arm.com) From: ross.burton@arm.com To: openembedded-core@lists.openembedded.org Subject: [PATCH 4/5] xserver-xorg: add PACKAGECONFIG for xvfb Date: Mon, 22 Jan 2024 14:04:05 +0000 Message-Id: <20240122140406.3837333-4-ross.burton@arm.com> In-Reply-To: <20240122140406.3837333-1-ross.burton@arm.com> References: <20240122140406.3837333-1-ross.burton@arm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable
Series	[1/5] cve_check: handle CVE_STATUS being set to the empty string \| expand [1/5] cve_check: handle CVE_STATUS being set to the empty string [2/5] cve_check: cleanup logging [3/5] zlib: ignore CVE-2023-6992 [4/5] xserver-xorg: add PACKAGECONFIG for xvfb [5/5] xserver-xorg: disable xvfb by default

Message ID

20240122140406.3837333-4-ross.burton@arm.com

State

Accepted, archived

Commit

5d47474f6eb6b4441154c7de7261f8e0ab47333d

Headers

From: ross.burton@arm.com
To: openembedded-core@lists.openembedded.org
Subject: [PATCH 4/5] xserver-xorg: add PACKAGECONFIG for xvfb
Date: Mon, 22 Jan 2024 14:04:05 +0000
Message-Id: <20240122140406.3837333-4-ross.burton@arm.com>
In-Reply-To: <20240122140406.3837333-1-ross.burton@arm.com>
References: <20240122140406.3837333-1-ross.burton@arm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Series

[1/5] cve_check: handle CVE_STATUS being set to the empty string | expand

Commit Message

Ross Burton Jan. 22, 2024, 2:04 p.m. UTC

From: Ross Burton <ross.burton@arm.com>

Xvfb is pretty niche and has outstanding unsolved security issues, so
let people disable it and add a conditional CVE_STATUS to reflect this.

Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
index 085fcaf87a5..5a0fceea865 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
@@ -116,14 +116,13 @@  FILES:xf86-video-modesetting = "${libdir}/xorg/modules/drivers/modesetting_drv.s
 
 EXTRA_OEMESON += " \
                  -Dxnest=false \
-                 -Dxvfb=true \
                  -Ddtrace=false \
                  -Dint10=x86emu \
                  -Dxkb_output_dir=/var/lib/xkb \
 "
 
 OPENGL_PKGCONFIGS = "dri glx glamor dri3"
-PACKAGECONFIG ??= "dga dri2 udev ${XORG_CRYPTO} \
+PACKAGECONFIG ??= "dga dri2 udev xvfb ${XORG_CRYPTO} \
                    ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', '${OPENGL_PKGCONFIGS}', '', d)} \
                    ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd-logind', '', d)} \
 "
@@ -138,6 +137,7 @@  PACKAGECONFIG[glamor] = "-Dglamor=true,-Dglamor=false,libepoxy virtual/libgbm,li
 PACKAGECONFIG[unwind] = "-Dlibunwind=true,-Dlibunwind=false,libunwind"
 PACKAGECONFIG[systemd-logind] = "-Dsystemd_logind=true,-Dsystemd_logind=false,dbus,"
 PACKAGECONFIG[xinerama] = "-Dxinerama=true,-Dxinerama=false"
+PACKAGECONFIG[xvfb] = "-Dxvfb=true,-Dxvfb=false"
 
 # Xorg requires a SHA1 implementation, pick one
 XORG_CRYPTO ??= "openssl"
@@ -175,3 +175,5 @@  python populate_packages:prepend() {
     d.appendVar("RPROVIDES:" + pn, " " + get_abi("input"))
     d.appendVar("RPROVIDES:" + pn, " " + get_abi("video"))
 }
+
+CVE_STATUS[CVE-2023-5574] = "${@bb.utils.contains('PACKAGECONFIG', 'xvfb', '', 'not-applicable-config: specific to Xvfb', d)}"

[4/5] xserver-xorg: add PACKAGECONFIG for xvfb

Commit Message

Patch