* [PATCH] pixman: backport fix for CVE-2022-44638
@ 2022-11-08 8:51 Ezhilarasan
2022-11-08 10:18 ` [OE-core] " Michael Opdenacker
0 siblings, 1 reply; 3+ messages in thread
From: Ezhilarasan @ 2022-11-08 8:51 UTC (permalink / raw)
To: openembedded-core
Reference to upstream patch:
https://gitlab.freedesktop.org/pixman/pixman/-/commit/a1f88e842e0216a5b4df1ab023caebe33c101395
Signed-off-by: Ravula AdhityaX Siddartha <adhityax.siddartha.ravula@intel.com>
---
.../xorg-lib/pixman/CVE-2022-44638.patch | 37 +++++++++++++++++++
.../xorg-lib/pixman_0.40.0.bb | 1 +
2 files changed, 38 insertions(+)
create mode 100644 meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch
diff --git a/meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch b/meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch
new file mode 100644
index 0000000000..ab5acaf2ee
--- /dev/null
+++ b/meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch
@@ -0,0 +1,37 @@
+From a1f88e842e0216a5b4df1ab023caebe33c101395 Mon Sep 17 00:00:00 2001
+From: Matt Turner <mattst88@gmail.com>
+Date: Wed, 2 Nov 2022 12:07:32 -0400
+Subject: [PATCH] Avoid integer overflow leading to out-of-bounds write
+
+Upstream-Status: Backport
+CVE: CVE-2022-44638
+
+Reference to upstream patch:
+https://gitlab.freedesktop.org/pixman/pixman/-/commit/a1f88e842e0216a5b4df1ab023caebe33c101395
+
+Signed-off-by: Ravula AdhityaX Siddartha <adhityax.siddartha.ravula@intel.com>
+
+Thanks to Maddie Stone and Google's Project Zero for discovering this
+issue, providing a proof-of-concept, and a great analysis.
+
+Closes: https://gitlab.freedesktop.org/pixman/pixman/-/issues/63
+---
+ pixman/pixman-trap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pixman/pixman-trap.c b/pixman/pixman-trap.c
+index 91766fd..7560405 100644
+--- a/pixman/pixman-trap.c
++++ b/pixman/pixman-trap.c
+@@ -74,7 +74,7 @@ pixman_sample_floor_y (pixman_fixed_t y,
+
+ if (f < Y_FRAC_FIRST (n))
+ {
+- if (pixman_fixed_to_int (i) == 0x8000)
++ if (pixman_fixed_to_int (i) == 0xffff8000)
+ {
+ f = 0; /* saturate */
+ }
+--
+GitLab
+
diff --git a/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb b/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb
index ccfe277746..c56733eefd 100644
--- a/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb
+++ b/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb
@@ -9,6 +9,7 @@ DEPENDS = "zlib"
SRC_URI = "https://www.cairographics.org/releases/${BP}.tar.gz \
file://0001-ARM-qemu-related-workarounds-in-cpu-features-detecti.patch \
+ file://CVE-2022-44638.patch \
"
SRC_URI[md5sum] = "73858c0862dd9896fb5f62ae267084a4"
SRC_URI[sha256sum] = "6d200dec3740d9ec4ec8d1180e25779c00bc749f94278c8b9021f5534db223fc"
--
2.17.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [OE-core] [PATCH] pixman: backport fix for CVE-2022-44638
2022-11-08 8:51 [PATCH] pixman: backport fix for CVE-2022-44638 Ezhilarasan
@ 2022-11-08 10:18 ` Michael Opdenacker
0 siblings, 0 replies; 3+ messages in thread
From: Michael Opdenacker @ 2022-11-08 10:18 UTC (permalink / raw)
To: Ezhilarasan; +Cc: openembedded-core
Hi Ravula
Thank you very much for the patch!
On 11/8/22 09:51, Ezhilarasan wrote:
> Reference to upstream patch:
> https://gitlab.freedesktop.org/pixman/pixman/-/commit/a1f88e842e0216a5b4df1ab023caebe33c101395
>
> Signed-off-by: Ravula AdhityaX Siddartha <adhityax.siddartha.ravula@intel.com>
However, if I apply your patch through "git am", the author of the
commit will be:
Ezhilarasan <ezhilarasanx.s@intel.com>
instead of
Ravula AdhityaX Siddartha <adhityax.siddartha.ravula@intel.com>
Because of this issue, the maintainer has to manually fix this field
when accepting your patch. Worse, if he doesn't catch this, that's
harder to fix afterwards.
You should be able to fix this by running:
git config --global sendemail.from "ezhilarasanx.s@intel.com"
This should add a "From" field to the sent patch which "git am" should
be able to match with your name.
At least this worked for me. See
https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded#Sending_using_git-send-email
Could you try to send an update (don't hesitate to send a private one to
me first)?
Thanks in advance
Michael.
--
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH] pixman: backport fix for CVE-2022-44638
@ 2022-11-08 16:21 adhityax.siddartha.ravula
0 siblings, 0 replies; 3+ messages in thread
From: adhityax.siddartha.ravula @ 2022-11-08 16:21 UTC (permalink / raw)
To: openembedded-core
From: Adhitya Siddartha <adhityax.siddartha.ravula@intel.com>
Reference to upstream patch:
https://gitlab.freedesktop.org/pixman/pixman/-/commit/a1f88e842e0216a5b4df1ab023caebe33c101395
Signed-off-by: Adhitya Siddartha <adhityax.siddartha.ravula@intel.com>
---
.../xorg-lib/pixman/CVE-2022-44638.patch | 37 +++++++++++++++++++
.../xorg-lib/pixman_0.40.0.bb | 1 +
2 files changed, 38 insertions(+)
create mode 100644 meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch
diff --git a/meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch b/meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch
new file mode 100644
index 0000000000..ab5acaf2ee
--- /dev/null
+++ b/meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch
@@ -0,0 +1,37 @@
+From a1f88e842e0216a5b4df1ab023caebe33c101395 Mon Sep 17 00:00:00 2001
+From: Matt Turner <mattst88@gmail.com>
+Date: Wed, 2 Nov 2022 12:07:32 -0400
+Subject: [PATCH] Avoid integer overflow leading to out-of-bounds write
+
+Upstream-Status: Backport
+CVE: CVE-2022-44638
+
+Reference to upstream patch:
+https://gitlab.freedesktop.org/pixman/pixman/-/commit/a1f88e842e0216a5b4df1ab023caebe33c101395
+
+Signed-off-by: Ravula AdhityaX Siddartha <adhityax.siddartha.ravula@intel.com>
+
+Thanks to Maddie Stone and Google's Project Zero for discovering this
+issue, providing a proof-of-concept, and a great analysis.
+
+Closes: https://gitlab.freedesktop.org/pixman/pixman/-/issues/63
+---
+ pixman/pixman-trap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pixman/pixman-trap.c b/pixman/pixman-trap.c
+index 91766fd..7560405 100644
+--- a/pixman/pixman-trap.c
++++ b/pixman/pixman-trap.c
+@@ -74,7 +74,7 @@ pixman_sample_floor_y (pixman_fixed_t y,
+
+ if (f < Y_FRAC_FIRST (n))
+ {
+- if (pixman_fixed_to_int (i) == 0x8000)
++ if (pixman_fixed_to_int (i) == 0xffff8000)
+ {
+ f = 0; /* saturate */
+ }
+--
+GitLab
+
diff --git a/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb b/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb
index ccfe277746..c56733eefd 100644
--- a/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb
+++ b/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb
@@ -9,6 +9,7 @@ DEPENDS = "zlib"
SRC_URI = "https://www.cairographics.org/releases/${BP}.tar.gz \
file://0001-ARM-qemu-related-workarounds-in-cpu-features-detecti.patch \
+ file://CVE-2022-44638.patch \
"
SRC_URI[md5sum] = "73858c0862dd9896fb5f62ae267084a4"
SRC_URI[sha256sum] = "6d200dec3740d9ec4ec8d1180e25779c00bc749f94278c8b9021f5534db223fc"
--
2.17.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-11-08 16:22 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-11-08 8:51 [PATCH] pixman: backport fix for CVE-2022-44638 Ezhilarasan
2022-11-08 10:18 ` [OE-core] " Michael Opdenacker
2022-11-08 16:21 adhityax.siddartha.ravula
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.