From patchwork Wed Mar 30 02:27:53 2022
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 6030
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 1/7] util-linux: fix CVE-2022-0563
Date: Tue, 29 Mar 2022 16:27:53 -1000
X-Mailer: git-send-email 2.25.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163764

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.

Backport patch from upstream:
https://github.com/util-linux/util-linux/commit/faa5a3a83ad0cb5e2c303edbfd8cd823c9d94c17

Patch required slight modifications to apply cleanly to util-linux 2.35.1

Signed-off-by: Steve Sakoman

--- .../util-linux/util-linux/CVE-2022-0563.patch | 161 ++++++++++++++++++ .../util-linux/util-linux_2.35.1.bb | 1 + 2 files changed, 162 insertions(+) create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch diff --git a/meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch b/meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch new file mode 100644 index 0000000000..54b496ea3f --- /dev/null +++ b/meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch
@@ -0,0 +1,161 @@ +From faa5a3a83ad0cb5e2c303edbfd8cd823c9d94c17 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Thu, 10 Feb 2022 12:03:17 +0100 +Subject: [PATCH] chsh, chfn: remove readline support [CVE-2022-0563] + +The readline library uses INPUTRC= environment variable to get a path +to the library config file. When the library cannot parse the +specified file, it prints an error message containing data from the +file. + +Unfortunately, the library does not use secure_getenv() (or a similar +concept) to avoid vulnerabilities that could occur if set-user-ID or +set-group-ID programs. + +Reported-by: Rory Mackie +Signed-off-by: Karel Zak + +Upstream-status: Backport +https://github.com/util-linux/util-linux/commit/faa5a3a83ad0cb5e2c303edbfd8cd823c9d94c17 + +CVE: CVE-2022-0563 + +Signed-off-by: Steve Sakoman + +--- + login-utils/Makemodule.am | 2 +- + login-utils/chfn.c | 16 +++------------ + login-utils/chsh.c | 42 ++------------------------------------- + 3 files changed, 6 insertions(+), 54 deletions(-) + +diff --git a/login-utils/Makemodule.am b/login-utils/Makemodule.am +index fac5bfc..73636af 100644 +--- a/login-utils/Makemodule.am ++++ b/login-utils/Makemodule.am +@@ -82,7 +82,7 @@ chfn_chsh_sources = \ + login-utils/ch-common.c + chfn_chsh_cflags = $(SUID_CFLAGS) $(AM_CFLAGS) + chfn_chsh_ldflags = $(SUID_LDFLAGS) $(AM_LDFLAGS) +-chfn_chsh_ldadd = libcommon.la $(READLINE_LIBS) ++chfn_chsh_ldadd = libcommon.la + + if CHFN_CHSH_PASSWORD + chfn_chsh_ldadd += -lpam +diff --git a/login-utils/chfn.c b/login-utils/chfn.c +index b739555..2f8e44a 100644 +--- a/login-utils/chfn.c ++++ b/login-utils/chfn.c +@@ -56,11 +56,6 @@ + # include "auth.h" + #endif + +-#ifdef HAVE_LIBREADLINE +-# define _FUNCTION_DEF +-# include +-#endif +- + struct finfo { + char *full_name; + char *office; +@@ -229,22 +224,17 @@ static char *ask_new_field(struct chfn_control *ctl, const char *question, + { + int len; + char *buf; +-#ifndef HAVE_LIBREADLINE +- size_t dummy = 0; +-#endif + + 
if (!def_val) + def_val = ""; ++ + while (true) { + printf("%s [%s]: ", question, def_val); + __fpurge(stdin); +-#ifdef HAVE_LIBREADLINE +- rl_bind_key('\t', rl_insert); +- if ((buf = readline(NULL)) == NULL) +-#else ++ + if (getline(&buf, &dummy, stdin) < 0) +-#endif + errx(EXIT_FAILURE, _("Aborted.")); ++ + /* remove white spaces from string end */ + ltrim_whitespace((unsigned char *) buf); + len = rtrim_whitespace((unsigned char *) buf); +diff --git a/login-utils/chsh.c b/login-utils/chsh.c +index a9ebec8..ee6ff87 100644 +--- a/login-utils/chsh.c ++++ b/login-utils/chsh.c +@@ -58,11 +58,6 @@ + # include "auth.h" + #endif + +-#ifdef HAVE_LIBREADLINE +-# define _FUNCTION_DEF +-# include +-#endif +- + struct sinfo { + char *username; + char *shell; +@@ -121,33 +116,6 @@ static void print_shells(void) + endusershell(); + } + +-#ifdef HAVE_LIBREADLINE +-static char *shell_name_generator(const char *text, int state) +-{ +- static size_t len; +- char *s; +- +- if (!state) { +- setusershell(); +- len = strlen(text); +- } +- +- while ((s = getusershell())) { +- if (strncmp(s, text, len) == 0) +- return xstrdup(s); +- } +- return NULL; +-} +- +-static char **shell_name_completion(const char *text, +- int start __attribute__((__unused__)), +- int end __attribute__((__unused__))) +-{ +- rl_attempted_completion_over = 1; +- return rl_completion_matches(text, shell_name_generator); +-} +-#endif +- + /* + * parse_argv () -- + * parse the command line arguments, and fill in "pinfo" with any +@@ -198,20 +166,14 @@ static char *ask_new_shell(char *question, char *oldshell) + { + int len; + char *ans = NULL; +-#ifdef HAVE_LIBREADLINE +- rl_attempted_completion_function = shell_name_completion; +-#else + size_t dummy = 0; +-#endif ++ + if (!oldshell) + oldshell = ""; + printf("%s [%s]\n", question, oldshell); +-#ifdef HAVE_LIBREADLINE +- if ((ans = readline("> ")) == NULL) +-#else + if (getline(&ans, &dummy, stdin) < 0) +-#endif + return NULL; ++ + /* remove the newline at the end 
of ans. */ + ltrim_whitespace((unsigned char *) ans); + len = rtrim_whitespace((unsigned char *) ans); +-- +2.25.1 + diff --git a/meta/recipes-core/util-linux/util-linux_2.35.1.bb b/meta/recipes-core/util-linux/util-linux_2.35.1.bb index 96d5eca518..89dc564ecb 100644 --- a/meta/recipes-core/util-linux/util-linux_2.35.1.bb +++ b/meta/recipes-core/util-linux/util-linux_2.35.1.bb 
@@ -15,6 +15,7 @@ SRC_URI += "file://configure-sbindir.patch \ file://include-strutils-cleanup-strto-functions.patch \ file://CVE-2021-3995.patch \ file://CVE-2021-3996.patch \ + file://CVE-2022-0563.patch \ " SRC_URI[md5sum] = "7f64882f631225f0295ca05080cee1bf" SRC_URI[sha256sum] = "d9de3edd287366cd908e77677514b9387b22bc7b88f45b83e1922c3597f1d7f9"
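Review bot: in the login-utils/chfn.c hunk for ask_new_field() inside CVE-2022-0563.patch, the declaration `size_t dummy = 0;` is removed together with its `#ifndef HAVE_LIBREADLINE` guard, while the retained call `getline(&buf, &dummy, stdin)` still uses `dummy`, so as shown the function no longer declares it. Keep the declaration unconditionally, as the chsh.c hunk does for ask_new_shell(), and initialise `buf` to NULL the way `ans` is initialised there, since getline() expects either a NULL pointer or a malloc'd buffer. Separately, the embedded patch header writes the tag as `Upstream-status: Backport` with the URL on its own line; the other CVE patches quoted in this series use `Upstream-Status: Backport [url]`.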
From patchwork Wed Mar 30 02:27:54 2022
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 6031
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 2/7] xserver-xorg: update to 1.20.9
Date: Tue, 29 Mar 2022 16:27:54 -1000
Message-Id: <9fba10e19c8de5df1361e222bf255c0d9dad949f.1648596723.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163765

Remove CVE patches contained in this release.

Stable branch update:

afb77415e (tag: xorg-server-1.20.9) xserver 1.20.9
705d72139 Fix XRecordRegisterClients() Integer underflow
5b384e767 Fix XkbSelectEvents() integer underflow
eff3f6cdd Fix XIChangeHierarchy() integer underflow
1d3a1092c Correct bounds checking in XkbSetNames()
249a12c54 linux: Fix platform device probe for DT-based PCI
5c96eb5f4 linux: Fix platform device PCI detection for complex bus topologies
74b7427c4 linux: Make platform device probe less fragile
4979ac8f0 fix for ZDI-11426
2720b8715 xfree86: add drm modes on non-GTF panels
7da8e7bab present: Check valid region in window mode flips
4a65b6617 xwayland: Handle NULL xwl_seat in xwl_seat_can_emulate_pointer_warp
10cabe0b9 xwayland: Propagate damage x1/y1 coordinates in xwl_present_flip
3b51978b9 doc: Update URLs in Xserver-DTrace.xml
6cbd6a09b xwayland: Use a fixed DPI value for core protocol
d4e8c4622 xwayland: only use linux-dmabuf if format/modifier was advertised
c726ceacc hw/xfree86: Avoid cursor use after free
0679d4660 Update URL's in man pages
3059a2e62 xwayland: Disable the MIT-SCREEN-SAVER extension when rootless
23c55ec32 xwayland: Hold a pixmap reference in struct xwl_present_event
1179938c1 randr: Check rrPrivKey in RRHasScanoutPixmap()
4912f693e modesetting: Fix front_bo leak at drmmode_xf86crtc_resize on XRandR rotation
ccbcf083d xwayland: Store xwl_tablet_pad in its own private key
cc3613559 xwayland: Initialise values in xwlVidModeGetGamma()
533cc6ca0 xwayland: Fix crashes when there is no pointer
3aa31823d xwayland: Clear private on device removal
22c0808ac xwayland: Free all remaining events in xwl_present_cleanup
37779d7f4 xwayland: Always use xwl_present_free_event for freeing Present events
ba52e5eb0 present/wnmd: Free flip_queue entries in present_wnmd_clear_window_flip
b3310ed50 present/wnmd: Keep pixmap pointer in present_wnmd_clear_window_flip
fc297c87d xwayland: import DMA-BUFs with GBM_BO_USE_RENDERING only
0430d13c1 xwayland: Fix infinite loop at startup
b8b10e293 modesetting: Disable pageflipping when using a swcursor
271934db9 dix: do not send focus event when grab actually does not change

Signed-off-by: Steve Sakoman

--- .../xserver-xorg/CVE-2020-14345.patch | 182 ------------------ .../xserver-xorg/CVE-2020-14346.patch | 36 ---- .../xserver-xorg/CVE-2020-14347.patch | 38 ---- .../xserver-xorg/CVE-2020-14361.patch | 36 ---- .../xserver-xorg/CVE-2020-14362.patch | 70 ------- ...-xorg_1.20.8.bb => xserver-xorg_1.20.9.bb} | 9 +- 6 files changed, 2 insertions(+), 369 deletions(-) delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14361.patch delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.20.8.bb => xserver-xorg_1.20.9.bb} (78%) diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch deleted file mode 100644 index fb3a37c474..0000000000 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch +++ /dev/null
@@ -1,182 +0,0 @@ -From f7cd1276bbd4fe3a9700096dec33b52b8440788d Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb -Date: Tue, 18 Aug 2020 14:46:32 +0200 -Subject: [PATCH] Correct bounds checking in XkbSetNames() - -CVE-2020-14345 / ZDI 11428 - -This vulnerability was discovered by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Matthieu Herrb - -Upstream-Status: Backport -CVE: CVE-2020-14345 -Affects < 1.20.9 - -Signed-off-by: Armin Kuster - ---- - xkb/xkb.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 48 insertions(+) - -Index: xorg-server-1.20.8/xkb/xkb.c -=================================================================== ---- xorg-server-1.20.8.orig/xkb/xkb.c -+++ xorg-server-1.20.8/xkb/xkb.c -@@ -152,6 +152,19 @@ static RESTYPE RT_XKBCLIENT; - #define CHK_REQ_KEY_RANGE(err,first,num,r) \ - CHK_REQ_KEY_RANGE2(err,first,num,r,client->errorValue,BadValue) - -+static Bool -+_XkbCheckRequestBounds(ClientPtr client, void *stuff, void *from, void *to) { -+ char *cstuff = (char *)stuff; -+ char *cfrom = (char *)from; -+ char *cto = (char *)to; -+ -+ return cfrom < cto && -+ cfrom >= cstuff && -+ cfrom < cstuff + ((size_t)client->req_len << 2) && -+ cto >= cstuff && -+ cto <= cstuff + ((size_t)client->req_len << 2); -+} -+ - /***====================================================================***/ - - int -@@ -4045,6 +4058,8 @@ _XkbSetNamesCheck(ClientPtr client, Devi - client->errorValue = _XkbErrCode2(0x04, stuff->firstType); - return BadAccess; - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + stuff->nTypes)) -+ return BadLength; - old = tmp; - tmp = _XkbCheckAtoms(tmp, stuff->nTypes, client->swapped, &bad); - if (!tmp) { -@@ -4074,6 +4089,8 @@ _XkbSetNamesCheck(ClientPtr client, Devi - } - width = (CARD8 *) tmp; - tmp = (CARD32 *) (((char *) tmp) + XkbPaddedSize(stuff->nKTLevels)); -+ if (!_XkbCheckRequestBounds(client, stuff, width, tmp)) -+ return BadLength; - type = 
&xkb->map->types[stuff->firstKTLevel]; - for (i = 0; i < stuff->nKTLevels; i++, type++) { - if (width[i] == 0) -@@ -4083,6 +4100,8 @@ _XkbSetNamesCheck(ClientPtr client, Devi - type->num_levels, width[i]); - return BadMatch; - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + width[i])) -+ return BadLength; - tmp = _XkbCheckAtoms(tmp, width[i], client->swapped, &bad); - if (!tmp) { - client->errorValue = bad; -@@ -4095,6 +4114,9 @@ _XkbSetNamesCheck(ClientPtr client, Devi - client->errorValue = 0x08; - return BadMatch; - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, -+ tmp + Ones(stuff->indicators))) -+ return BadLength; - tmp = _XkbCheckMaskedAtoms(tmp, XkbNumIndicators, stuff->indicators, - client->swapped, &bad); - if (!tmp) { -@@ -4107,6 +4129,9 @@ _XkbSetNamesCheck(ClientPtr client, Devi - client->errorValue = 0x09; - return BadMatch; - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, -+ tmp + Ones(stuff->virtualMods))) -+ return BadLength; - tmp = _XkbCheckMaskedAtoms(tmp, XkbNumVirtualMods, - (CARD32) stuff->virtualMods, - client->swapped, &bad); -@@ -4120,6 +4145,9 @@ _XkbSetNamesCheck(ClientPtr client, Devi - client->errorValue = 0x0a; - return BadMatch; - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, -+ tmp + Ones(stuff->groupNames))) -+ return BadLength; - tmp = _XkbCheckMaskedAtoms(tmp, XkbNumKbdGroups, - (CARD32) stuff->groupNames, - client->swapped, &bad); -@@ -4141,9 +4169,14 @@ _XkbSetNamesCheck(ClientPtr client, Devi - stuff->nKeys); - return BadValue; - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + stuff->nKeys)) -+ return BadLength; - tmp += stuff->nKeys; - } - if ((stuff->which & XkbKeyAliasesMask) && (stuff->nKeyAliases > 0)) { -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, -+ tmp + (stuff->nKeyAliases * 2))) -+ return BadLength; - tmp += stuff->nKeyAliases * 2; - } - if (stuff->which & XkbRGNamesMask) { -@@ -4151,6 +4184,9 @@ _XkbSetNamesCheck(ClientPtr client, Devi - client->errorValue = 
_XkbErrCode2(0x0d, stuff->nRadioGroups); - return BadValue; - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, -+ tmp + stuff->nRadioGroups)) -+ return BadLength; - tmp = _XkbCheckAtoms(tmp, stuff->nRadioGroups, client->swapped, &bad); - if (!tmp) { - client->errorValue = bad; -@@ -4344,6 +4380,8 @@ ProcXkbSetNames(ClientPtr client) - /* check device-independent stuff */ - tmp = (CARD32 *) &stuff[1]; - -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) -+ return BadLength; - if (stuff->which & XkbKeycodesNameMask) { - tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); - if (!tmp) { -@@ -4351,6 +4389,8 @@ ProcXkbSetNames(ClientPtr client) - return BadAtom; - } - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) -+ return BadLength; - if (stuff->which & XkbGeometryNameMask) { - tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); - if (!tmp) { -@@ -4358,6 +4398,8 @@ ProcXkbSetNames(ClientPtr client) - return BadAtom; - } - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) -+ return BadLength; - if (stuff->which & XkbSymbolsNameMask) { - tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); - if (!tmp) { -@@ -4365,6 +4407,8 @@ ProcXkbSetNames(ClientPtr client) - return BadAtom; - } - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) -+ return BadLength; - if (stuff->which & XkbPhysSymbolsNameMask) { - tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); - if (!tmp) { -@@ -4372,6 +4416,8 @@ ProcXkbSetNames(ClientPtr client) - return BadAtom; - } - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) -+ return BadLength; - if (stuff->which & XkbTypesNameMask) { - tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); - if (!tmp) { -@@ -4379,6 +4425,8 @@ ProcXkbSetNames(ClientPtr client) - return BadAtom; - } - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) -+ return BadLength; - if (stuff->which & XkbCompatNameMask) { - tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); - if (!tmp) { 
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch deleted file mode 100644 index 4994a21d33..0000000000 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch +++ /dev/null @@ -1,36 +0,0 @@ -From c940cc8b6c0a2983c1ec974f1b3f019795dd4cff Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb -Date: Tue, 18 Aug 2020 14:49:04 +0200 -Subject: [PATCH] Fix XIChangeHierarchy() integer underflow - -CVE-2020-14346 / ZDI-CAN-11429 - -This vulnerability was discovered by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Matthieu Herrb - -Upstream-Status: Backport -[https://gitlab.freedesktop.org/xorg/xserver/-/commit/c940cc8b6c0a2983c1ec974f1b3f019795dd4cff] -CVE: CVE-2020-14346 -Signed-off-by: Chee Yang Lee ---- - Xi/xichangehierarchy.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Xi/xichangehierarchy.c b/Xi/xichangehierarchy.c -index cbdd91258..504defe56 100644 ---- a/Xi/xichangehierarchy.c -+++ b/Xi/xichangehierarchy.c -@@ -423,7 +423,7 @@ ProcXIChangeHierarchy(ClientPtr client) - if (!stuff->num_changes) - return rc; - -- len = ((size_t)stuff->length << 2) - sizeof(xXIChangeHierarchyReq); -+ len = ((size_t)client->req_len << 2) - sizeof(xXIChangeHierarchyReq); - - any = (xXIAnyHierarchyChangeInfo *) &stuff[1]; - while (stuff->num_changes--) { --- -2.17.1 - diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch deleted file mode 100644 index cf3f5f9417..0000000000 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -From aac28e162e5108510065ad4c323affd6deffd816 Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb -Date: Sat, 25 Jul 2020 19:33:50 +0200 -Subject: [PATCH] fix for ZDI-11426 - -Avoid leaking un-initalized memory to clients by zeroing the -whole pixmap on initial allocation. - -This vulnerability was discovered by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Matthieu Herrb -Reviewed-by: Alan Coopersmith - - -Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/aac28e162e5108510065ad4c323affd6deffd816] -CVE: CVE-2020-14347 -Signed-off-by: Chee Yang Lee ---- - dix/pixmap.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/dix/pixmap.c b/dix/pixmap.c -index 1186d7dbbf..5a0146bbb6 100644 ---- a/dix/pixmap.c -+++ b/dix/pixmap.c -@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize) - if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize) - return NullPixmap; - -- pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize); -+ pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize); - if (!pPixmap) - return NullPixmap; - --- -GitLab - diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14361.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14361.patch deleted file mode 100644 index 710cc3873c..0000000000 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14361.patch +++ /dev/null 
@@ -1,36 +0,0 @@ -From 144849ea27230962227e62a943b399e2ab304787 Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb -Date: Tue, 18 Aug 2020 14:52:29 +0200 -Subject: [PATCH] Fix XkbSelectEvents() integer underflow - -CVE-2020-14361 ZDI-CAN 11573 - -This vulnerability was discovered by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Matthieu Herrb - -Upstream-Status: Backport -[https://gitlab.freedesktop.org/xorg/xserver/-/commit/144849ea27230962227e62a943b399e2ab304787] -CVE: CVE-2020-14361 -Signed-off-by: Chee Yang Lee ---- - xkb/xkbSwap.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/xkb/xkbSwap.c b/xkb/xkbSwap.c -index 1c1ed5ff4..50cabb90e 100644 ---- a/xkb/xkbSwap.c -+++ b/xkb/xkbSwap.c -@@ -76,7 +76,7 @@ SProcXkbSelectEvents(ClientPtr client) - register unsigned bit, ndx, maskLeft, dataLeft, size; - - from.c8 = (CARD8 *) &stuff[1]; -- dataLeft = (stuff->length * 4) - SIZEOF(xkbSelectEventsReq); -+ dataLeft = (client->req_len * 4) - SIZEOF(xkbSelectEventsReq); - maskLeft = (stuff->affectWhich & (~XkbMapNotifyMask)); - for (ndx = 0, bit = 1; (maskLeft != 0); ndx++, bit <<= 1) { - if (((bit & maskLeft) == 0) || (ndx == XkbMapNotify)) --- -2.17.1 - diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch deleted file mode 100644 index 2103e9c198..0000000000 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch +++ /dev/null 
@@ -1,70 +0,0 @@ -From 2902b78535ecc6821cc027351818b28a5c7fdbdc Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb -Date: Tue, 18 Aug 2020 14:55:01 +0200 -Subject: [PATCH] Fix XRecordRegisterClients() Integer underflow - -CVE-2020-14362 ZDI-CAN-11574 - -This vulnerability was discovered by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Matthieu Herrb - -Upstream-Status: Backport -[https://gitlab.freedesktop.org/xorg/xserver/-/commit/2902b78535ecc6821cc027351818b28a5c7fdbdc] -CVE: CVE-2020-14362 -Signed-off-by: Chee Yang Lee ---- - record/record.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/record/record.c b/record/record.c -index f2d38c877..be154525d 100644 ---- a/record/record.c -+++ b/record/record.c -@@ -2500,7 +2500,7 @@ SProcRecordQueryVersion(ClientPtr client) - } /* SProcRecordQueryVersion */ - - static int _X_COLD --SwapCreateRegister(xRecordRegisterClientsReq * stuff) -+SwapCreateRegister(ClientPtr client, xRecordRegisterClientsReq * stuff) - { - int i; - XID *pClientID; -@@ -2510,13 +2510,13 @@ SwapCreateRegister(xRecordRegisterClientsReq * stuff) - swapl(&stuff->nRanges); - pClientID = (XID *) &stuff[1]; - if (stuff->nClients > -- stuff->length - bytes_to_int32(sz_xRecordRegisterClientsReq)) -+ client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq)) - return BadLength; - for (i = 0; i < stuff->nClients; i++, pClientID++) { - swapl(pClientID); - } - if (stuff->nRanges > -- stuff->length - bytes_to_int32(sz_xRecordRegisterClientsReq) -+ client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq) - - stuff->nClients) - return BadLength; - RecordSwapRanges((xRecordRange *) pClientID, stuff->nRanges); -@@ -2531,7 +2531,7 @@ SProcRecordCreateContext(ClientPtr client) - - swaps(&stuff->length); - REQUEST_AT_LEAST_SIZE(xRecordCreateContextReq); -- if ((status = SwapCreateRegister((void *) stuff)) != Success) -+ if ((status = SwapCreateRegister(client, (void *) stuff)) != Success) - 
return status; - return ProcRecordCreateContext(client); - } /* SProcRecordCreateContext */ -@@ -2544,7 +2544,7 @@ SProcRecordRegisterClients(ClientPtr client) - - swaps(&stuff->length); - REQUEST_AT_LEAST_SIZE(xRecordRegisterClientsReq); -- if ((status = SwapCreateRegister((void *) stuff)) != Success) -+ if ((status = SwapCreateRegister(client, (void *) stuff)) != Success) - return status; - return ProcRecordRegisterClients(client); - } /* SProcRecordRegisterClients */ --- -2.17.1 - diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.9.bb similarity index 78% rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.9.bb index 8c77c3756b..4f001c2d3d 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.9.bb 
@@ -5,16 +5,11 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://0001-test-xtest-Initialize-array-with-braces.patch \ file://sdksyms-no-build-path.patch \ file://0001-drmmode_display.c-add-missing-mi.h-include.patch \ - file://CVE-2020-14347.patch \ - file://CVE-2020-14346.patch \ - file://CVE-2020-14361.patch \ - file://CVE-2020-14362.patch \ - file://CVE-2020-14345.patch \ file://CVE-2020-14360.patch \ file://CVE-2020-25712.patch \ " -SRC_URI[md5sum] = "a770aec600116444a953ff632f51f839" -SRC_URI[sha256sum] = "d17b646bee4ba0fb7850c1cc55b18e3e8513ed5c02bdf38da7e107f84e2d0146" +SRC_URI[md5sum] = "afcae2f46d47c33863cab7fd9db7279a" +SRC_URI[sha256sum] = "e219f2e0dfe455467939149d7cd2ee53b79b512cc1d2094ae4f5c9ed9ccd3571" CFLAGS += "-fcommon"
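Review bot: in the xserver-xorg_1.20.9.bb hunk, five CVE patch entries are dropped from SRC_URI, but the commit message justifies this only with "Remove CVE patches contained in this release" and never names them. Listing CVE-2020-14345, CVE-2020-14346, CVE-2020-14347, CVE-2020-14361 and CVE-2020-14362 in the message, each next to its shortlog entry (for example 4979ac8f0 "fix for ZDI-11426" for CVE-2020-14347, whose subject carries no CVE number), would let a reader confirm that every removed backport is covered by 1.20.9 without opening the deleted files.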
From patchwork Wed Mar 30 02:27:55 2022
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 6032
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 3/7] xserver-xorg: update to 1.20.10
Date: Tue, 29 Mar 2022 16:27:55 -1000
X-Mailer: git-send-email 2.25.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163766

Remove CVE patches contained in this release.

Stable branch update:

bc111a2e6 (tag: xorg-server-1.20.10) xserver 1.20.10
06d1a032e Check SetMap request length carefully.
7ccb3b0ea Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap overflows
440ed5948 present/wnmd: Translate update region to screen space
54f9af1c6 modesetting: keep going if a modeset fails on EnterVT
bd0f53725 modesetting: check the kms state on EnterVT
5c400cae1 configure: Build hashtable for Xres and glvnd
253569a3d xwayland: Create an xwl_window for toplevel only
0811a9ff7 xwayland: non-rootless requires the wl_shell protocol
b3ae038c3 glamor: Update pixmap's devKind when making it exportable
d6c389cb8 os: Fix instruction pointer written in xorg_backtrace
c3e4c1a0f present/wnmd: Execute copies at target_msc-1 already
96ef31e0f present/wnmd: Move up present_wnmd_queue_vblank
669e40390 present: Add present_vblank::exec_msc field
dae234efd present: Move flip target_msc adjustment out of present_vblank_create
1930ed233 xwayland: Remove pending stream reference when freeing
1ac389dda xwayland: use drmGetNodeTypeFromFd for checking if a node is a render one
d108c2c82 xwayland: Do not discard frame callbacks on allow commits
174cb91d8 present/wnmd: Remove dead check from present_wnmd_check_flip
51ee6e5ce xwayland: Check window pixmap in xwl_present_check_flip2
f4006d795 present/wnmd: Can't use page flipping for windows clipped by children
1e84fda20 xfree86: Take second reference for SavedCursor in xf86CursorSetCursor
8c3c8bda2 glamor: Fix glamor_poly_fill_rect_gl xRectangle::width/height handling
b28c88288 include: Increase the number of max. input devices to 256.
af4c84ce8 Revert "linux: Make platform device probe less fragile"
39cb95e95 Revert "linux: Fix platform device PCI detection for complex bus topologies"
4b6fce597 Revert "linux: Fix platform device probe for DT-based PCI"

Signed-off-by: Steve Sakoman
---
 .../xserver-xorg/CVE-2020-14360.patch | 132 ------------------
 .../xserver-xorg/CVE-2020-25712.patch | 102 --------------
 ...xorg_1.20.9.bb => xserver-xorg_1.20.10.bb} | 6 +-
 3 files changed, 2 insertions(+), 238 deletions(-)
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch
 rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.20.9.bb => xserver-xorg_1.20.10.bb} (84%)
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch deleted file mode 100644 index e9ab42742e..0000000000 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch +++ /dev/null
@@ -1,132 +0,0 @@ -From 446ff2d3177087b8173fa779fa5b77a2a128988b Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb -Date: Thu, 12 Nov 2020 19:15:07 +0100 -Subject: [PATCH] Check SetMap request length carefully. - -Avoid out of bounds memory accesses on too short request. - -ZDI-CAN 11572 / CVE-2020-14360 - -This vulnerability was discovered by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Matthieu Herrb - -Upstream-Status: Backport -https://gitlab.freedesktop.org/xorg/xserver/-/commit/446ff2d3177087b8173fa779fa5b77a2a128988b -CVE: CVE-2020-14360 -Signed-off-by: Armin Kuster ---- - xkb/xkb.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 92 insertions(+) - -Index: xorg-server-1.20.8/xkb/xkb.c -=================================================================== ---- xorg-server-1.20.8.orig/xkb/xkb.c -+++ xorg-server-1.20.8/xkb/xkb.c -@@ -2382,6 +2382,93 @@ SetVirtualModMap(XkbSrvInfoPtr xkbi, - return (char *) wire; - } - -+#define _add_check_len(new) \ -+ if (len > UINT32_MAX - (new) || len > req_len - (new)) goto bad; \ -+ else len += new -+ -+/** -+ * Check the length of the SetMap request -+ */ -+static int -+_XkbSetMapCheckLength(xkbSetMapReq *req) -+{ -+ size_t len = sz_xkbSetMapReq, req_len = req->length << 2; -+ xkbKeyTypeWireDesc *keytype; -+ xkbSymMapWireDesc *symmap; -+ BOOL preserve; -+ int i, map_count, nSyms; -+ -+ if (req_len < len) -+ goto bad; -+ /* types */ -+ if (req->present & XkbKeyTypesMask) { -+ keytype = (xkbKeyTypeWireDesc *)(req + 1); -+ for (i = 0; i < req->nTypes; i++) { -+ _add_check_len(XkbPaddedSize(sz_xkbKeyTypeWireDesc)); -+ if (req->flags & XkbSetMapResizeTypes) { -+ _add_check_len(keytype->nMapEntries -+ * sz_xkbKTSetMapEntryWireDesc); -+ preserve = keytype->preserve; -+ map_count = keytype->nMapEntries; -+ if (preserve) { -+ _add_check_len(map_count * sz_xkbModsWireDesc); -+ } -+ keytype += 1; -+ keytype = (xkbKeyTypeWireDesc *) -+ ((xkbKTSetMapEntryWireDesc *)keytype 
+ map_count); -+ if (preserve) -+ keytype = (xkbKeyTypeWireDesc *) -+ ((xkbModsWireDesc *)keytype + map_count); -+ } -+ } -+ } -+ /* syms */ -+ if (req->present & XkbKeySymsMask) { -+ symmap = (xkbSymMapWireDesc *)((char *)req + len); -+ for (i = 0; i < req->nKeySyms; i++) { -+ _add_check_len(sz_xkbSymMapWireDesc); -+ nSyms = symmap->nSyms; -+ _add_check_len(nSyms*sizeof(CARD32)); -+ symmap += 1; -+ symmap = (xkbSymMapWireDesc *)((CARD32 *)symmap + nSyms); -+ } -+ } -+ /* actions */ -+ if (req->present & XkbKeyActionsMask) { -+ _add_check_len(req->totalActs * sz_xkbActionWireDesc -+ + XkbPaddedSize(req->nKeyActs)); -+ } -+ /* behaviours */ -+ if (req->present & XkbKeyBehaviorsMask) { -+ _add_check_len(req->totalKeyBehaviors * sz_xkbBehaviorWireDesc); -+ } -+ /* vmods */ -+ if (req->present & XkbVirtualModsMask) { -+ _add_check_len(XkbPaddedSize(Ones(req->virtualMods))); -+ } -+ /* explicit */ -+ if (req->present & XkbExplicitComponentsMask) { -+ /* two bytes per non-zero explicit componen */ -+ _add_check_len(XkbPaddedSize(req->totalKeyExplicit * sizeof(CARD16))); -+ } -+ /* modmap */ -+ if (req->present & XkbModifierMapMask) { -+ /* two bytes per non-zero modmap component */ -+ _add_check_len(XkbPaddedSize(req->totalModMapKeys * sizeof(CARD16))); -+ } -+ /* vmodmap */ -+ if (req->present & XkbVirtualModMapMask) { -+ _add_check_len(req->totalVModMapKeys * sz_xkbVModMapWireDesc); -+ } -+ if (len == req_len) -+ return Success; -+bad: -+ ErrorF("[xkb] BOGUS LENGTH in SetMap: expected %ld got %ld\n", -+ len, req_len); -+ return BadLength; -+} -+ -+ - /** - * Check if the given request can be applied to the given device but don't - * actually do anything.. 
-@@ -2639,6 +2726,11 @@ ProcXkbSetMap(ClientPtr client) - CHK_KBD_DEVICE(dev, stuff->deviceSpec, client, DixManageAccess); - CHK_MASK_LEGAL(0x01, stuff->present, XkbAllMapComponentsMask); - -+ /* first verify the request length carefully */ -+ rc = _XkbSetMapCheckLength(stuff); -+ if (rc != Success) -+ return rc; -+ - tmp = (char *) &stuff[1]; - - /* Check if we can to the SetMap on the requested device. If this diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch deleted file mode 100644 index f39f6b32b1..0000000000 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch +++ /dev/null 
@@ -1,102 +0,0 @@ -From 87c64fc5b0db9f62f4e361444f4b60501ebf67b9 Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb -Date: Sun, 11 Oct 2020 17:05:09 +0200 -Subject: [PATCH] Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap - overflows - -ZDI-CAN 11389 / CVE-2020-25712 - -This vulnerability was discovered by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Matthieu Herrb - -Upstream-Status: Backport -https://gitlab.freedesktop.org/xorg/xserver/-/commit/87c64fc5b0db9f62f4e361444f4b60501ebf67b9 -CVE: CVE-2020-25712 -Signed-off-by: Armin Kuster - ---- - xkb/xkb.c | 26 +++++++++++++++++++++++--- - 1 file changed, 23 insertions(+), 3 deletions(-) - -Index: xorg-server-1.20.8/xkb/xkb.c -=================================================================== ---- xorg-server-1.20.8.orig/xkb/xkb.c -+++ xorg-server-1.20.8/xkb/xkb.c -@@ -6625,7 +6625,9 @@ SetDeviceIndicators(char *wire, - unsigned changed, - int num, - int *status_rtrn, -- ClientPtr client, xkbExtensionDeviceNotify * ev) -+ ClientPtr client, -+ xkbExtensionDeviceNotify * ev, -+ xkbSetDeviceInfoReq * stuff) - { - xkbDeviceLedsWireDesc *ledWire; - int i; -@@ -6646,6 +6648,11 @@ SetDeviceIndicators(char *wire, - xkbIndicatorMapWireDesc *mapWire; - XkbSrvLedInfoPtr sli; - -+ if (!_XkbCheckRequestBounds(client, stuff, ledWire, ledWire + 1)) { -+ *status_rtrn = BadLength; -+ return (char *) ledWire; -+ } -+ - namec = mapc = statec = 0; - sli = XkbFindSrvLedInfo(dev, ledWire->ledClass, ledWire->ledID, - XkbXI_IndicatorMapsMask); -@@ -6664,6 +6671,10 @@ SetDeviceIndicators(char *wire, - memset((char *) sli->names, 0, XkbNumIndicators * sizeof(Atom)); - for (n = 0, bit = 1; n < XkbNumIndicators; n++, bit <<= 1) { - if (ledWire->namesPresent & bit) { -+ if (!_XkbCheckRequestBounds(client, stuff, atomWire, atomWire + 1)) { -+ *status_rtrn = BadLength; -+ return (char *) atomWire; -+ } - sli->names[n] = (Atom) *atomWire; - if (sli->names[n] == None) - ledWire->namesPresent &= ~bit; -@@ -6681,6 
+6692,10 @@ SetDeviceIndicators(char *wire, - if (ledWire->mapsPresent) { - for (n = 0, bit = 1; n < XkbNumIndicators; n++, bit <<= 1) { - if (ledWire->mapsPresent & bit) { -+ if (!_XkbCheckRequestBounds(client, stuff, mapWire, mapWire + 1)) { -+ *status_rtrn = BadLength; -+ return (char *) mapWire; -+ } - sli->maps[n].flags = mapWire->flags; - sli->maps[n].which_groups = mapWire->whichGroups; - sli->maps[n].groups = mapWire->groups; -@@ -6760,7 +6775,7 @@ _XkbSetDeviceInfoCheck(ClientPtr client, - ed.deviceID = dev->id; - wire = (char *) &stuff[1]; - if (stuff->change & XkbXI_ButtonActionsMask) { -- int nBtns, sz, i; -+ int nBtns, sz, i; - XkbAction *acts; - DeviceIntPtr kbd; - -@@ -6772,7 +6787,11 @@ _XkbSetDeviceInfoCheck(ClientPtr client, - return BadAlloc; - dev->button->xkb_acts = acts; - } -+ if (stuff->firstBtn + stuff->nBtns > nBtns) -+ return BadValue; - sz = stuff->nBtns * SIZEOF(xkbActionWireDesc); -+ if (!_XkbCheckRequestBounds(client, stuff, wire, (char *) wire + sz)) -+ return BadLength; - memcpy((char *) &acts[stuff->firstBtn], (char *) wire, sz); - wire += sz; - ed.reason |= XkbXI_ButtonActionsMask; -@@ -6793,7 +6812,8 @@ _XkbSetDeviceInfoCheck(ClientPtr client, - int status = Success; - - wire = SetDeviceIndicators(wire, dev, stuff->change, -- stuff->nDeviceLedFBs, &status, client, &ed); -+ stuff->nDeviceLedFBs, &status, client, &ed, -+ stuff); - if (status != Success) - return status; - } diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.9.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb similarity index 84% rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.9.bb rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb index 4f001c2d3d..4d368a8b5a 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.9.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb 
@@ -5,11 +5,9 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://0001-test-xtest-Initialize-array-with-braces.patch \ file://sdksyms-no-build-path.patch \ file://0001-drmmode_display.c-add-missing-mi.h-include.patch \ - file://CVE-2020-14360.patch \ - file://CVE-2020-25712.patch \ " -SRC_URI[md5sum] = "afcae2f46d47c33863cab7fd9db7279a" -SRC_URI[sha256sum] = "e219f2e0dfe455467939149d7cd2ee53b79b512cc1d2094ae4f5c9ed9ccd3571" +SRC_URI[md5sum] = "8cf8bd1f33e3736bc8dd279b20a32399" +SRC_URI[sha256sum] = "977420c082450dc808de301ef56af4856d653eea71519a973c3490a780cb7c99" CFLAGS += "-fcommon"
From patchwork Wed Mar 30 02:27:56 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 6033
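Review bot: the two deleted-file hunks of 3/7 (CVE-2020-14360.patch and CVE-2020-25712.patch) are justified only by the sentence "Remove CVE patches contained in this release", which names neither CVE. The deleted headers cite upstream commits 446ff2d31… and 87c64fc5b…, while the shortlog carries the same subjects under 06d1a032e ("Check SetMap request length carefully.") and 7ccb3b0ea ("Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap overflows"), so the match can be made by subject but not by hash. Put both CVE IDs in the commit message next to those two shortlog entries so the removal can be audited without opening the deleted files.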
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 4/7] xserver-xorg: update to 1.20.11
Date: Tue, 29 Mar 2022 16:27:56 -1000
Message-Id: <928759347e18e56c991959d1a33aeb87ba6de4ee.1648596723.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163767

Fixes CVE-2021-3472

Stable branch update:

6b767cdf6 (tag: xorg-server-1.20.11) xserver 1.20.11
a1a1aa2c1 Fix XChangeFeedbackControl() request underflow
8890c44a7 xquartz: Remove a check for NSAppKitVersionNumber >= NSAppKitVersionNumber10_7
3c3680c36 xquartz: Don't include strndup.c any more since we no longer support 10.8 and older
e1fdc856a xquartz: Add a launch trampoline to better integrate with modern versions of macOS
8f8e9c53e xquartz: Don't process AppKit events if we haven't finished initializing
aa6f84021 xquartz: Allocate each fbconfig separately
7aa51bb57 xquartz: Fix a compiler warning about const incompatible pointer assignment
d751c46bd xquartz: Fix build with sparkle enabled
03c2e12a8 xquartz: Silence a compiler warning about missing internal methods on NSApplication
fcbd57367 xquartz: Rewrite Window menu handling to not depend on X11App.windowsMenu.numberOfItems being correct in -awakeFromNib
b27c6602b xquartz: Convert X11Controller ivars into @properties
625c7e4de xquartz: Convert X11Application ivars into @properties
3017fec60 xquartz: Fold quartzCommon.h into quartz.h
bdaff44f9 xquartz: Fold away some unnecessary hops to X11Controller through X11Application
7d22031a6 xquartz: Fold away array_with_strings_and_numbers and simplify with more modern Objective-C
937b63ff4 xqaurtz: Remove message_kit_thread() and use dispatch instead
e531d3a4c xquartz: Use objc_autoreleasePoolPush / objc_autoreleasePoolPop directly in QuartzBlockHandler
08cf6c90f xquartz: Minor code modernization -- @autoreleasepool adoption
26e0c59a9 xquartz: Remove some dead code for compatibility with older nibs
2853f3896 xquartz: Remove a workaround for AppKit versions older than Lion
1edc9b980 xquartz: Apply spell check fixes from master for easier cherry-picking of changes in xquartz
67f25cc18 xquartz: Fix applications menu table background color for dark mode
4028c2ad1 xquartz: Apply Xcode 12.4 automatic updates to nibs
ff1c8e2f7 xquartz: Update the about box copyright to 2021
a16df6028 xquartz: Ensure we call into TIS on the main thread
2087b7782 xquartz: Ensure that NSRunAlertPanel() is run on the main thread
2fe5bf4ba xquartz: Remove support for older versions of libXplugin
bc1a2a0d8 xquartz: Remove unused include of AvailabilityMacros.h from various sources
393da8b43 xquartz: Remove support for building for i386
43aaa1093 xquartz: Remove support for Mountain Lion and earlier versions of macOS
fb492686d xquartz: Remove support for Lion and earlier versions of macOS
34784415a xquartz: Remove support for SnowLeopard and earlier versions of macOS
d3f81ecaf xquartz: Remove check for libdispatch now that we don't support pre-SnowLeopard
739c5bd32 xquartz: Remove support for Leopard and earlier versions of macOS
2d7eb8249 xquartz: Remove support for Tiger and earlier versions of macOS
080f9eb76 os: Remove support for Tiger and earlier versions of macOS
be9d2fd87 xquartz: Remove support for Panther and earlier versions of macOS
d39eb5840 Fix typo "XQaurtz" in Xquartz.man
1f2b73176 XQuartz: recognize F16-F20 and Menu keys
ecc4ebf53 xquartz: Add stub ddxInputThread()
f5df31c76 meson.build: KMS support also depends on dri2
b09f5f42d xwayland: Replace LogMessage with LogMessageVerb
c17872d50 xkb: Fix heap overflow caused by optimized away min.

Signed-off-by: Steve Sakoman
---
 .../{xserver-xorg_1.20.10.bb => xserver-xorg_1.20.11.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.20.10.bb => xserver-xorg_1.20.11.bb} (89%)
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.11.bb similarity index 89% rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.11.bb index 4d368a8b5a..b800167af9 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.11.bb
@@ -6,8 +6,8 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://sdksyms-no-build-path.patch \ file://0001-drmmode_display.c-add-missing-mi.h-include.patch \ " -SRC_URI[md5sum] = "8cf8bd1f33e3736bc8dd279b20a32399" -SRC_URI[sha256sum] = "977420c082450dc808de301ef56af4856d653eea71519a973c3490a780cb7c99" +SRC_URI[md5sum] = "a22ccd74a5eee721cad6805e489c7144" +SRC_URI[sha256sum] = "914c796e3ffabe1af48071d40ccc85e92117c97a9082ed1df29e4d64e3c34c49" CFLAGS += "-fcommon"
From patchwork Wed Mar 30 02:27:57 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 6034
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 5/7] xserver-xorg: update to 1.20.12
Date: Tue, 29 Mar 2022 16:27:57 -1000
X-Mailer: git-send-email 2.25.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163768

Stable branch update:

b88ad0b34 (tag: xorg-server-1.20.12) xserver 1.20.12
8dea50223 Build xz tarballs instead of bzip2
b7adbac7d hw/dmx/config: Link directly with libdmxconfig.a
e49738f0c xfree86: Fix NULL pointer dereference crash
9a59631a4 glx: Fix use after free in MakeCurrent
1fc0ca6e6 xfree86: Fix out of array bound access to xf86Entities
a4210fe07 xfree86: Change displays array to pointers array to fix invalid pointer issues after table reallocation
22449f630 glamor: Avoid using GL_QUADS on V3D
d16f64031 modesetting: Fix possible_crtcs
f1e76731a modesetting: Update props for dynamically added outputs
7bf477711 xquartz: Ensure the mouse pointer is shown when switching to a native macOS alert or window
3ef6e7b76 xquartz: Fix appFlags build failure with macOS 10.15+ SDKs
2a83c840c glx: Set ContextTag for all contexts
394b6cc1c glx: don't create implicit GLXWindow if one already exists
0086535e7 modesetting: Remove few common functions from ms namespace
321964443 modesetting: remove unnecessary ms_covering_xf86_crtc dup of ms_covering_randr_crtc
52eb801d0 modesetting: Find crtc on slave outputs as fallback instead of returning primary crtc
c7a2da7b9 present: fix msc offset calculation in screen mode
31544e68e present: Use crtc's screen present operation for syncing
464cbee1c modesetting: Initialize present extension despite glamor is disabled
4e11bd390 modesetting: Disable reverse prime offload mode for displays running on evdi,udl
627252933 dix: Guard against non-existing PtrFeedbackPtr
d41b43345 xwayland: Add PtrFeedback to the touch device
23a53f0d5 glx: fixup symbol name for get_extensions function

Signed-off-by: Steve Sakoman
---
 meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | 2 +-
 .../{xserver-xorg_1.20.11.bb => xserver-xorg_1.20.12.bb} | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
 rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.20.11.bb => xserver-xorg_1.20.12.bb} (89%)
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc index c891211c40..ce57982a7d 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc @@ -16,7 +16,7 @@ PE = "2" INC_PR = "r8" XORG_PN = "xorg-server" -SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.bz2" +SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.gz" CVE_PRODUCT = "xorg-server x_server" # This is specific to Debian's xserver-wrapper.c diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.11.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.12.bb similarity index 89% rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.11.bb rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.12.bb index b800167af9..2b326082d0 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.11.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.12.bb
@@ -6,8 +6,8 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://sdksyms-no-build-path.patch \ file://0001-drmmode_display.c-add-missing-mi.h-include.patch \ " -SRC_URI[md5sum] = "a22ccd74a5eee721cad6805e489c7144" -SRC_URI[sha256sum] = "914c796e3ffabe1af48071d40ccc85e92117c97a9082ed1df29e4d64e3c34c49" +SRC_URI[md5sum] = "8775d8c22de768107978202fcf240e2e" +SRC_URI[sha256sum] = "71687561262e4527a7ef779193725416f70c3e0424daaa9a6617bd37dc7701bb" CFLAGS += "-fcommon"
From patchwork Wed Mar 30 02:27:58 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 6035
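Review bot: the xserver-xorg.inc hunk of 5/7 switches SRC_URI from ${XORG_PN}-${PV}.tar.bz2 to ${XORG_PN}-${PV}.tar.gz, and the commit message never mentions it. The shortlog entry 8dea50223 "Build xz tarballs instead of bzip2" explains why .tar.bz2 goes away but not why .tar.gz was chosen over the xz tarball; state the reason in the message. Also call out that the change sits in the shared .inc rather than in xserver-xorg_1.20.12.bb, so it applies to whatever recipe version includes that file.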
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 6/7] xserver-xorg: update to 1.20.13
Date: Tue, 29 Mar 2022 16:27:58 -1000
Message-Id: <3e9ecd77449a5bd70a55d47db7a2dfb85d44d9c2.1648596723.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163769

Stable branch update:

86a72cb19 (tag: xorg-server-1.20.13) xserver 1.20.13
f85e4edba modesetting: unflip not possible when glamor is not set
b03d7184b present: fallback get_crtc to return crtc belonging to screen with present extension

Signed-off-by: Steve Sakoman
---
 .../{xserver-xorg_1.20.12.bb => xserver-xorg_1.20.13.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.20.12.bb => xserver-xorg_1.20.13.bb} (89%)
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.12.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.13.bb similarity index 89% rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.12.bb rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.13.bb index 2b326082d0..424d81add9 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.12.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.13.bb
@@ -6,8 +6,8 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://sdksyms-no-build-path.patch \ file://0001-drmmode_display.c-add-missing-mi.h-include.patch \ " -SRC_URI[md5sum] = "8775d8c22de768107978202fcf240e2e" -SRC_URI[sha256sum] = "71687561262e4527a7ef779193725416f70c3e0424daaa9a6617bd37dc7701bb" +SRC_URI[md5sum] = "1724c6efe8599fb0dc6c69c5f268de71" +SRC_URI[sha256sum] = "26f801f4d92216995f389873cf3b4e90069cf63e94bc5dd09ebbf7fd7e1ddcc2" CFLAGS += "-fcommon"
From patchwork Wed Mar 30 02:27:59 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 6036
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 7/7] xserver-xorg: update to 1.20.14
Date: Tue, 29 Mar 2022 16:27:59 -1000
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 30 Mar 2022 02:29:00 -0000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163770

Fixes: CVE-2021-4008 CVE-2021-4009 CVE-2021-4010 CVE-2021-4011

Stable branch update:

97c5b7777 (HEAD -> server-1.20-branch, tag: xorg-server-1.20.14, origin/server-1.20-branch) xserver 1.20.14
35b4681c7 render: Fix out of bounds access in SProcRenderCompositeGlyphs()
67425fcab Xext: Fix out of bounds access in SProcScreenSaverSuspend()
6bb8aeb30 xfixes: Fix out of bounds access in *ProcXFixesCreatePointerBarrier()
acc50e609 record: Fix out of bounds access in SwapCreateRegister()
5ff3310b6 modesetting: Allow Present flips with mismatched stride on atomic drivers.
574fe59ef Fix RandR leasing for more than 1 simultaneously active lease.

Signed-off-by: Steve Sakoman
--- .../{xserver-xorg_1.20.13.bb => xserver-xorg_1.20.14.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.20.13.bb => xserver-xorg_1.20.14.bb} (89%) diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.13.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb similarity index 89% rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.13.bb rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb index 424d81add9..d176f390a4 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.13.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb 
@@ -6,8 +6,8 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://sdksyms-no-build-path.patch \ file://0001-drmmode_display.c-add-missing-mi.h-include.patch \ " -SRC_URI[md5sum] = "1724c6efe8599fb0dc6c69c5f268de71" -SRC_URI[sha256sum] = "26f801f4d92216995f389873cf3b4e90069cf63e94bc5dd09ebbf7fd7e1ddcc2" +SRC_URI[md5sum] = "453fc86aac8c629b3a5b77e8dcca30bf" +SRC_URI[sha256sum] = "54b199c9280ff8bf0f73a54a759645bd0eeeda7255d1c99310d5b7595f3ac066" CFLAGS += "-fcommon"
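Review bot: In the 6/7 hunk (1.20.12 to 1.20.13), the replacement SRC_URI[md5sum] and SRC_URI[sha256sum] lines arrive with no statement of where the values came from, and they are the only thing binding the recipe to a specific tarball. Please note in the commit message that the sha256sum was compared with a checksum published by upstream rather than computed from whatever the fetcher happened to download. The md5sum line gives no protection against a deliberately substituted archive, so the sha256sum is the value worth verifying by hand.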
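Review bot: The unchanged SRC_URI context at the top of the 7/7 hunk (1.20.13 to 1.20.14) still carries three local patches (the xf86pciBus one, sdksyms-no-build-path.patch and 0001-drmmode_display.c-add-missing-mi.h-include.patch), and nothing in the patch shows they were re-checked against the new release. Because the diff changes only the two checksum lines, the four CVE fixes named in the commit message rest entirely on the new tarball. Please confirm the carried patches still apply cleanly, and consider stating which of the four "Fix out of bounds access" commits addresses which CVE so the update can be audited later.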