From: "Steve Sakoman" <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 08/41] libx11: fix CVE-2020-14363
Date: Wed, 30 Sep 2020 12:11:10 -1000 [thread overview]
Message-ID: <5919afe43083d9d0b818c26ca4d6c175efa0f7b5.1601502610.git.steve@sakoman.com> (raw)
In-Reply-To: <cover.1601502610.git.steve@sakoman.com>
From: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../xorg-lib/libx11/CVE-2020-14363.patch | 36 +++++++++++++++++++
.../recipes-graphics/xorg-lib/libx11_1.6.9.bb | 1 +
2 files changed, 37 insertions(+)
create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2020-14363.patch
diff --git a/meta/recipes-graphics/xorg-lib/libx11/CVE-2020-14363.patch b/meta/recipes-graphics/xorg-lib/libx11/CVE-2020-14363.patch
new file mode 100644
index 0000000000..60045e2890
--- /dev/null
+++ b/meta/recipes-graphics/xorg-lib/libx11/CVE-2020-14363.patch
@@ -0,0 +1,36 @@
+From acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@herrb.eu>
+Date: Thu, 13 Aug 2020 18:02:58 +0200
+Subject: [PATCH] Fix an integer overflow in init_om()
+
+CVE-2020-14363
+
+This can lead to a double free later, as reported by Jayden Rivers.
+
+Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
+
+Upstream-Status: Backport
+[https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d]
+CVE: CVE-2020-14363
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ modules/om/generic/omGeneric.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/modules/om/generic/omGeneric.c b/modules/om/generic/omGeneric.c
+index c44acb88..406cec93 100644
+--- a/modules/om/generic/omGeneric.c
++++ b/modules/om/generic/omGeneric.c
+@@ -1908,7 +1908,8 @@ init_om(
+ char **required_list;
+ XOrientation *orientation;
+ char **value, buf[BUFSIZ], *bufptr;
+- int count = 0, num = 0, length = 0;
++ int count = 0, num = 0;
++ unsigned int length = 0;
+
+ _XlcGetResource(lcd, "XLC_FONTSET", "on_demand_loading", &value, &count);
+ if (count > 0 && _XlcCompareISOLatin1(*value, "True") == 0)
+--
+GitLab
+
diff --git a/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb b/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb
index 84e0e4457e..ebd2640743 100644
--- a/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb
+++ b/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb
@@ -14,6 +14,7 @@ SRC_URI += "file://Fix-hanging-issue-in-_XReply.patch \
file://disable_tests.patch \
file://libx11-whitespace.patch \
file://CVE-2020-14344.patch \
+ file://CVE-2020-14363.patch \
"
SRC_URI[md5sum] = "55adbfb6d4370ecac5e70598c4e7eed2"
--
2.17.1
next prev parent reply other threads:[~2020-09-30 22:12 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-30 22:11 [OE-core][dunfell 00/41] Patch review Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 01/41] python3-markupsafe: Import from meta-oe/meta-python Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 02/41] python3-jinja2: " Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 03/41] buildtools-tarball: Add python3-jinja2 Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 04/41] site: Make sys_siglist default to no Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 05/41] qemu : fix CVE-2020-16092 Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 06/41] bash : inlcude patch 17 & 18 Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 07/41] xserver-xorg: fix CVE-2020-14346/14361/14362 Steve Sakoman
2020-09-30 22:11 ` Steve Sakoman [this message]
2020-09-30 22:11 ` [OE-core][dunfell 09/41] cve-update-db-native: be less magical about checking whether the cve-check class is enabled Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 10/41] cve-update-db-native: move -journal checking into do_fetch Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 11/41] cve-update-db-native: remove unused variable Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 12/41] alsa-plugins: improve .la removal Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 13/41] sato-screenshot: " Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 14/41] insane: Check for feature check variables not being used Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 15/41] insane: check for missing update-alternatives inherit Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 16/41] xinput-calibrator: change SRC_URI to branch with libinput support Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 17/41] dropbear/openssh: Lower priority of key generation Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 18/41] testexport: rename create_tarball method Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 19/41] packagegroups: remove strace and lttng-tools for rv32/musl Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 20/41] curl: Change SRC_URI from http to https Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 21/41] meta: add/fix invalid Upstream-Status tags Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 22/41] buildtools: Handle generic environment setup injection Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 23/41] buildtools-tarball: Fix conflicts with oe-selftest and other tooling Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 24/41] oeqa/qemurunner: Increase serial timeout Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 25/41] oeqa/selftest/incompatible_lib: Fix append usage Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 26/41] oeqa/selftest/containerimage: Update to match assumptions in configuration Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 27/41] ssh-pregen-hostkeys: Add a recipe with pregenerated ssh host keys Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 28/41] bash: fix CVE-2019-18276 Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 29/41] packagegroup: rrecommend perf also for musl on ARM Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 30/41] sysvinit rc: Use PSPLASH_FIFO_DIR for progress fifo Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 31/41] openssh: Allow enable/disable of rng-tools recommendation on sshd Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 32/41] sstate.bbclass: Check file ownership before doing 'touch -a' Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 33/41] kernel-yocto: add KBUILD_DEFCONFIG search location to failure message Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 34/41] linux-yocto/config: netfilter: Enable nat for ipv4 and ipv6 Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 35/41] linux-yocto/5.4: update to v5.4.64 Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 36/41] linux-yocto/5.4: update to v5.4.65 Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 37/41] lttng-modules: backport writeback.h changes from 2.12.x to fix kernel 5.4.62+ Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 38/41] wic: Add --offset argument for partitions Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 39/41] wic: Fix --extra-space argument handling Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 40/41] wic: Fix error message when reporting invalid offset Steve Sakoman
2020-09-30 22:11 ` [OE-core][dunfell 41/41] wic: Add 512 Byte alignment to --offset Steve Sakoman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5919afe43083d9d0b818c26ca4d6c175efa0f7b5.1601502610.git.steve@sakoman.com \
--to=steve@sakoman.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.