diff options
Diffstat (limited to 'meta-oe/recipes-graphics')
16 files changed, 577 insertions, 18 deletions
diff --git a/meta-oe/recipes-graphics/freeglut/freeglut_3.2.1.bb b/meta-oe/recipes-graphics/freeglut/freeglut_3.2.1.bb index 6ef9f74c70..2f4f16589d 100644 --- a/meta-oe/recipes-graphics/freeglut/freeglut_3.2.1.bb +++ b/meta-oe/recipes-graphics/freeglut/freeglut_3.2.1.bb @@ -7,14 +7,24 @@ SRC_URI = "https://sourceforge.net/projects/${BPN}/files/${BPN}/${PV}/${BPN}-${P SRC_URI[md5sum] = "cd5c670c1086358598a6d4a9d166949d" SRC_URI[sha256sum] = "d4000e02102acaf259998c870e25214739d1f16f67f99cb35e4f46841399da68" -inherit cmake features_check +inherit cmake features_check pkgconfig -# depends on virtual/libx11, virtual/libgl -REQUIRED_DISTRO_FEATURES = "x11 opengl" +# depends on virtual/libgl +REQUIRED_DISTRO_FEATURES = "opengl" +PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'wayland x11', d)}" +PACKAGECONFIG[gles] = "-DFREEGLUT_GLES=ON,-DFREEGLUT_GLES=OFF," +PACKAGECONFIG[wayland] = "-DFREEGLUT_WAYLAND=ON,-DFREEGLUT_WAYLAND=OFF,libxkbcommon" +PACKAGECONFIG[demos] = "-DFREEGLUT_BUILD_DEMOS=ON,-DFREEGLUT_BUILD_DEMOS=OFF," +PACKAGECONFIG[x11] = ",,virtual/libx11 libice libxmu libglu libxrandr libxext" # Do not use -fno-common, check back when upgrading to new version it might not be needed CFLAGS += "-fcommon" PROVIDES += "mesa-glut" -DEPENDS = "virtual/libx11 libxmu libxi virtual/libgl libglu libxrandr" +DEPENDS = "virtual/libgl libxi" + +do_install:append() { + # Remove buildpaths + sed -i "s#${RECIPE_SYSROOT}##g" ${D}${libdir}/cmake/FreeGLUT/FreeGLUTTargets.cmake +} diff --git a/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-1.patch b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-1.patch new file mode 100644 index 0000000000..a48f8aa06a --- /dev/null +++ b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-1.patch @@ -0,0 +1,38 @@ +From 361f274ca901c3c476697a6404662d95f4dd43cb Mon Sep 17 00:00:00 2001 +From: Matthew Fernandez <matthew.fernandez@gmail.com> +Date: Fri, 12 Jan 2024 17:06:17 +1100 +Subject: [PATCH] gvc gvconfig_plugin_install_from_config: more tightly scope + 'gv_api' + +Upstream-Status: Backport [https://gitlab.com/graphviz/graphviz/-/commit/361f274ca901c3c476697a6404662d95f4dd43cb] +CVE: CVE-2023-46045 + +Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> +--- + lib/gvc/gvconfig.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c +index 2d86321..f9d1dcc 100644 +--- a/lib/gvc/gvconfig.c ++++ b/lib/gvc/gvconfig.c +@@ -173,7 +173,6 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s) + { + char *package_path, *name, *api; + const char *type; +- api_t gv_api; + int quality, rc; + int nest = 0; + gvplugin_package_t *package; +@@ -188,7 +187,7 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s) + package = gvplugin_package_record(gvc, package_path, name); + do { + api = token(&nest, &s); +- gv_api = gvplugin_api(api); ++ const api_t gv_api = gvplugin_api(api); + do { + if (nest == 2) { + type = token(&nest, &s); +-- +2.40.0 + diff --git a/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-2.patch b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-2.patch new file mode 100644 index 0000000000..4c70b1a877 --- /dev/null +++ b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-2.patch @@ -0,0 +1,39 @@ +From 3f31704cafd7da3e86bb2861accf5e90c973e62a Mon Sep 17 00:00:00 2001 +From: Matthew Fernandez <matthew.fernandez@gmail.com> +Date: Fri, 12 Jan 2024 17:06:17 +1100 +Subject: [PATCH] gvc gvconfig_plugin_install_from_config: more tightly scope + 'api' + +Upstream-Status: Backport [https://gitlab.com/graphviz/graphviz/-/commit/3f31704cafd7da3e86bb2861accf5e90c973e62a] +CVE: CVE-2023-46045 + +Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> +--- + lib/gvc/gvconfig.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c +index f9d1dcc..95e8c6c 100644 +--- a/lib/gvc/gvconfig.c ++++ b/lib/gvc/gvconfig.c +@@ -171,7 +171,7 @@ static char *token(int *nest, char **tokens) + + static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s) + { +- char *package_path, *name, *api; ++ char *package_path, *name; + const char *type; + int quality, rc; + int nest = 0; +@@ -186,7 +186,7 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s) + name = "x"; + package = gvplugin_package_record(gvc, package_path, name); + do { +- api = token(&nest, &s); ++ const char *api = token(&nest, &s); + const api_t gv_api = gvplugin_api(api); + do { + if (nest == 2) { +-- +2.40.0 + diff --git a/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-3.patch b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-3.patch new file mode 100644 index 0000000000..4746265eeb --- /dev/null +++ b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-3.patch @@ -0,0 +1,31 @@ +From a95f977f5d809915ec4b14836d2b5b7f5e74881e Mon Sep 17 00:00:00 2001 +From: Matthew Fernandez <matthew.fernandez@gmail.com> +Date: Fri, 12 Jan 2024 17:06:17 +1100 +Subject: [PATCH] gvc: detect plugin installation failure and display an error + +Upstream-Status: Backport [https://gitlab.com/graphviz/graphviz/-/commit/a95f977f5d809915ec4b14836d2b5b7f5e74881e] +CVE: CVE-2023-46045 + +Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> +--- + lib/gvc/gvconfig.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c +index 95e8c6c..77d0865 100644 +--- a/lib/gvc/gvconfig.c ++++ b/lib/gvc/gvconfig.c +@@ -188,6 +188,10 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s) + do { + const char *api = token(&nest, &s); + const api_t gv_api = gvplugin_api(api); ++ if (gv_api == (api_t)-1) { ++ agerr(AGERR, "config error: %s %s not found\n", package_path, api); ++ return 0; ++ } + do { + if (nest == 2) { + type = token(&nest, &s); +-- +2.40.0 + diff --git a/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb b/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb index 4c51af669c..f06e2adb02 100644 --- a/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb +++ b/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb @@ -20,6 +20,9 @@ DEPENDS:append:class-nativesdk = " ${BPN}-native" inherit autotools-brokensep pkgconfig gettext qemu SRC_URI = "https://gitlab.com/api/v4/projects/4207231/packages/generic/${BPN}-releases/${PV}/${BP}.tar.xz \ + file://CVE-2023-46045-1.patch \ + file://CVE-2023-46045-2.patch \ + file://CVE-2023-46045-3.patch \ " # Use native mkdefs SRC_URI:append:class-target = "\ diff --git a/meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb b/meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb index 1a94215839..7f93f704e0 100644 --- a/meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb +++ b/meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb @@ -9,7 +9,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=d6fc0df890c5270ef045981b516bb8f2" # TODO: Pin upstream release (current v7.11.0-80-g419a757) -SRC_URI = "git://github.com/lvgl/lv_drivers;destsuffix=${S};protocol=https;nobranch=1" +SRC_URI = "git://github.com/lvgl/lv_drivers;protocol=https;branch=master" SRCREV = "419a757c23aaa67c676fe3a2196d64808fcf2254" DEPENDS = "libxkbcommon lvgl wayland" @@ -19,15 +19,15 @@ REQUIRED_DISTRO_FEATURES = "wayland" inherit cmake inherit features_check -S = "${WORKDIR}/${PN}-${PV}" +S = "${WORKDIR}/git" LVGL_CONFIG_WAYLAND_HOR_RES ?= "480" LVGL_CONFIG_WAYLAND_VER_RES ?= "320" -EXTRA_OECMAKE += "-Dinstall:BOOL=ON -DLIB_INSTALL_DIR=${BASELIB}" +EXTRA_OECMAKE += "-Dinstall:BOOL=ON -DLIB_INSTALL_DIR=${baselib}" TARGET_CFLAGS += "-DLV_CONF_INCLUDE_SIMPLE=1" -TARGET_CFLAGS += "-I${RECIPE_SYSROOT}/${includedir}/lvgl" +TARGET_CFLAGS += "-I${STAGING_INCDIR}/lvgl" # Upstream does not support a default configuration # but propose a default "disabled" template, which is used as reference diff --git a/meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb b/meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb index 032e85f522..0049bbe237 100644 --- a/meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb +++ b/meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb @@ -8,21 +8,23 @@ DESCRIPTION = "Allow the use of PNG images in LVGL. This implementation uses lod LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=d6fc0df890c5270ef045981b516bb8f2" -SRC_URI = "git://github.com/lvgl/lv_lib_png;destsuffix=${S};protocol=https;nobranch=1" +SRC_URI = "git://github.com/lvgl/lv_lib_png;;protocol=https;branch=master" SRCREV = "bf1531afe07c9f861107559e29ab8a2d83e4715a" +S = "${WORKDIR}/git" + # because of lvgl dependency REQUIRED_DISTRO_FEATURES = "wayland" DEPENDS += "lvgl" -EXTRA_OECMAKE += "-DLIB_INSTALL_DIR=${BASELIB}" +EXTRA_OECMAKE += "-DLIB_INSTALL_DIR=${baselib}" inherit cmake inherit features_check TARGET_CFLAGS += "-DLV_CONF_INCLUDE_SIMPLE=1" -TARGET_CFLAGS += "-I${RECIPE_SYSROOT}/${includedir}/lvgl" +TARGET_CFLAGS += "-I${STAGING_INCDIR}/lvgl" FILES:${PN}-dev = "\ ${includedir}/lvgl/lv_lib_png/ \ diff --git a/meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb b/meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb index 2005afa2fd..0021da01fb 100644 --- a/meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb +++ b/meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb @@ -8,7 +8,7 @@ SUMMARY = "Light and Versatile Graphics Library" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENCE.txt;md5=bf1198c89ae87f043108cea62460b03a" -SRC_URI = "gitsm://github.com/lvgl/lvgl;destsuffix=${S};protocol=https;nobranch=1" +SRC_URI = "gitsm://github.com/lvgl/lvgl;protocol=https;branch=master" SRCREV = "d38eb1e689fa5a64c25e677275172d9c8a4ab2f0" REQUIRED_DISTRO_FEATURES = "wayland" @@ -16,8 +16,8 @@ REQUIRED_DISTRO_FEATURES = "wayland" inherit cmake inherit features_check -EXTRA_OECMAKE = "-DLIB_INSTALL_DIR=${BASELIB}" -S = "${WORKDIR}/${PN}-${PV}" +EXTRA_OECMAKE = "-DLIB_INSTALL_DIR=${baselib}" +S = "${WORKDIR}/git" LVGL_CONFIG_LV_MEM_CUSTOM ?= "0" diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2021-3575.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2021-3575.patch new file mode 100644 index 0000000000..0322f55cc7 --- /dev/null +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2021-3575.patch @@ -0,0 +1,45 @@ +From 7bd884f8750892de4f50bf4642fcfbe7011c6bdf Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Sun, 18 Feb 2024 17:02:25 +0100 +Subject: [PATCH] opj_decompress: fix off-by-one read heap-buffer-overflow in + sycc420_to_rgb() when x0 and y0 are odd (CVE-2021-3575, fixes #1347) + +Upstream-Status: Backport [https://github.com/uclouvain/openjpeg/commit/7bd884f8750892de4f50bf4642fcfbe7011c6bdf] +CVE: CVE-2021-3575 +Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> +--- + src/bin/common/color.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/src/bin/common/color.c b/src/bin/common/color.c +index 27f15f13..ae5d648d 100644 +--- a/src/bin/common/color.c ++++ b/src/bin/common/color.c +@@ -358,7 +358,15 @@ static void sycc420_to_rgb(opj_image_t *img) + if (i < loopmaxh) { + size_t j; + +- for (j = 0U; j < (maxw & ~(size_t)1U); j += 2U) { ++ if (offx > 0U) { ++ sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b); ++ ++y; ++ ++r; ++ ++g; ++ ++b; ++ } ++ ++ for (j = 0U; j < (loopmaxw & ~(size_t)1U); j += 2U) { + sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b); + + ++y; +@@ -375,7 +383,7 @@ static void sycc420_to_rgb(opj_image_t *img) + ++cb; + ++cr; + } +- if (j < maxw) { ++ if (j < loopmaxw) { + sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b); + } + } +-- +2.39.3 diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb index 42d2b4efb0..a619c07aa4 100644 --- a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb @@ -11,6 +11,7 @@ SRC_URI = " \ file://0001-This-patch-fixed-include-dir-to-usr-include-.-Obviou.patch \ file://CVE-2021-29338.patch \ file://CVE-2022-1122.patch \ + file://CVE-2021-3575.patch \ " SRCREV = "37ac30ceff6640bbab502388c5e0fa0bff23f505" S = "${WORKDIR}/git" @@ -26,4 +27,4 @@ EXTRA_OECMAKE += "-DOPENJPEG_INSTALL_LIB_DIR=${@d.getVar('baselib').replace('/', FILES:${PN} += "${libdir}/openjpeg*" -BBCLASSEXTEND = "native nativesdk" +BBCLASSEXTEND = "native" diff --git a/meta-oe/recipes-graphics/tslib/tslib_1.22.bb b/meta-oe/recipes-graphics/tslib/tslib_1.22.bb index c2000b264b..cb2563225f 100644 --- a/meta-oe/recipes-graphics/tslib/tslib_1.22.bb +++ b/meta-oe/recipes-graphics/tslib/tslib_1.22.bb @@ -81,3 +81,5 @@ FILES:tslib-uinput += "${bindir}/ts_uinput" FILES:tslib-tests = "${bindir}/ts_harvest ${bindir}/ts_print ${bindir}/ts_print_raw ${bindir}/ts_print_mt \ ${bindir}/ts_test ${bindir}/ts_test_mt ${bindir}/ts_verify ${bindir}/ts_finddev ${bindir}/ts_conf" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-oe/recipes-graphics/xorg-app/xkbutils_1.0.4.bb b/meta-oe/recipes-graphics/xorg-app/xkbutils_1.0.4.bb index 6a05e98e32..d394b33de2 100644 --- a/meta-oe/recipes-graphics/xorg-app/xkbutils_1.0.4.bb +++ b/meta-oe/recipes-graphics/xorg-app/xkbutils_1.0.4.bb @@ -13,7 +13,5 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=64322fab5239f5c8d97cf6e0e14f1c62" DEPENDS += "libxaw libxkbfile" -BBCLASSEXTEND = "native" - SRC_URI[md5sum] = "502b14843f610af977dffc6cbf2102d5" SRC_URI[sha256sum] = "d2a18ab90275e8bca028773c44264d2266dab70853db4321bdbc18da75148130" diff --git a/meta-oe/recipes-graphics/xorg-app/xsetroot_1.1.2.bb b/meta-oe/recipes-graphics/xorg-app/xsetroot_1.1.2.bb index 30a1e089e3..a9a8acf05c 100644 --- a/meta-oe/recipes-graphics/xorg-app/xsetroot_1.1.2.bb +++ b/meta-oe/recipes-graphics/xorg-app/xsetroot_1.1.2.bb @@ -8,7 +8,6 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=6ea29dbee22324787c061f039e0529de" DEPENDS += "xbitmaps libxcursor" -BBCLASSEXTEND = "native" SRC_URI[md5sum] = "5fe769c8777a6e873ed1305e4ce2c353" SRC_URI[sha256sum] = "10c442ba23591fb5470cea477a0aa5f679371f4f879c8387a1d9d05637ae417c" diff --git a/meta-oe/recipes-graphics/xorg-app/xterm/CVE-2023-40359.patch b/meta-oe/recipes-graphics/xorg-app/xterm/CVE-2023-40359.patch new file mode 100644 index 0000000000..342a8d8725 --- /dev/null +++ b/meta-oe/recipes-graphics/xorg-app/xterm/CVE-2023-40359.patch @@ -0,0 +1,388 @@ +From 41ba5cf31da5e43477811b28009d64d3f643fd29 Mon Sep 17 00:00:00 2001 +From: "Thomas E. Dickey" <dickey@invisible-island.net> +Date: Wed, 8 Mar 2023 01:06:03 +0000 +Subject: [PATCH] snapshot of project "xterm", label xterm-379c + +Upstream-Status: Backport from https://github.com/ThomasDickey/xterm-snapshots/commit/41ba5cf31da5e43477811b28009d64d3f643fd29 +CVE: CVE-2023-40359 + +Signed-off-by: Rohini Sangam <rsangam@mvista.com> + +--- + graphics_regis.c | 235 +++++++++++++++++++++++++++-------------------- + 1 file changed, 133 insertions(+), 102 deletions(-) + +diff --git a/graphics_regis.c b/graphics_regis.c +index 479bb79..cf14437 100644 +--- a/graphics_regis.c ++++ b/graphics_regis.c +@@ -1,8 +1,8 @@ +-/* $XTermId: graphics_regis.c,v 1.129 2022/02/21 13:33:08 tom Exp $ */ ++/* $XTermId: graphics_regis.c,v 1.139 2023/03/08 01:06:03 tom Exp $ */ + + /* +- * Copyright 2014-2021,2022 by Ross Combs +- * Copyright 2014-2021,2022 by Thomas E. Dickey ++ * Copyright 2014-2022,2023 by Ross Combs ++ * Copyright 2014-2022,2023 by Thomas E. Dickeiy + * + * All Rights Reserved + * +@@ -119,6 +119,14 @@ typedef struct RegisTextControls { + int slant; /* for italic/oblique */ + } RegisTextControls; + ++#define S_QUOTE '\'' ++#define D_QUOTE '"' ++ ++#define isQuote(ch) ((ch) == S_QUOTE || (ch) == D_QUOTE) ++#define PickQuote(ch) ((ch) == S_QUOTE ? D_QUOTE : S_QUOTE) ++ ++#define isName(c) ((c) == '_' || isalnum(CharOf(c))) ++ + #define FixedCopy(dst, src, len) strncpy(dst, src, len - 1)[len - 1] = '\0' + #define CopyFontname(dst, src) FixedCopy(dst, src, (size_t) REGIS_FONTNAME_LEN) + +@@ -538,8 +546,8 @@ draw_or_save_patterned_pixel(RegisGraphicsContext *context, int x, int y) + static int + sort_points(void const *l, void const *r) + { +- RegisPoint const *const lp = l; +- RegisPoint const *const rp = r; ++ RegisPoint const *const lp = (RegisPoint const *) l; ++ RegisPoint const *const rp = (RegisPoint const *) r; + + if (lp->y < rp->y) + return -1; +@@ -3151,6 +3159,37 @@ extract_regis_command(RegisDataFragment *input, char *command) + return 1; + } + ++/* ++ * * Check a ReGIS alphabet name before reporting it, to pick an appropriate ++ * * delimiter. If the string is empty, or contains nonreportable characters, ++ * * just return NUL. ++ * */ ++static int ++pick_quote(const char *value) ++{ ++ Bool s_quote = False; ++ Bool d_quote = False; ++ ++ if (*value != '\0') { ++ while (*value != '\0') { ++ int ch = CharOf(*value++); ++ if (ch == D_QUOTE) ++ d_quote = True; ++ else if (ch == S_QUOTE) ++ s_quote = True; ++ else if (!isName(ch)) ++ s_quote = d_quote = True; ++ } ++ } else { ++ s_quote = d_quote = True; ++ } ++ return ((s_quote && d_quote) ++ ? 0 ++ : (s_quote ++ ? D_QUOTE ++ : S_QUOTE)); ++} ++ + static int + extract_regis_string(RegisDataFragment *input, char *out, unsigned maxlen) + { +@@ -3166,7 +3205,7 @@ extract_regis_string(RegisDataFragment *input, char *out, unsigned maxlen) + return 0; + + ch = peek_fragment(input); +- if (ch != '\'' && ch != '"') ++ if (!isQuote(ch)) + return 0; + open_quote_ch = ch; + outlen = 0U; +@@ -3246,7 +3285,7 @@ extract_regis_parenthesized_data(RegisDataFragment *input, + for (; input->pos < input->len; input->pos++, output->len++) { + char prev_ch = ch; + ch = input->start[input->pos]; +- if (ch == '\'' || ch == '"') { ++ if (isQuote(ch)) { + if (open_quote_ch == '\0') { + open_quote_ch = ch; + } else { +@@ -3314,7 +3353,7 @@ extract_regis_option(RegisDataFragment *input, + if (ch == ';' || ch == ',' || + ch == '(' || ch == ')' || + ch == '[' || ch == ']' || +- ch == '"' || ch == '\'' || ++ isQuote(ch) || + isdigit(CharOf(ch))) { + return 0; + } +@@ -3330,7 +3369,7 @@ extract_regis_option(RegisDataFragment *input, + TRACE(("looking at char '%c' in option '%c'\n", ch, *option)); + /* FIXME: any special rules for commas? */ + /* FIXME: handle escaped quotes */ +- if (ch == '\'' || ch == '"') { ++ if (isQuote(ch)) { + if (open_quote_ch == ch) { + open_quote_ch = '\0'; + } else { +@@ -5008,6 +5047,7 @@ parse_regis_command(RegisParseState *state) + static int + parse_regis_option(RegisParseState *state, RegisGraphicsContext *context) + { ++ XtermWidget xw = context->display_graphic->xw; + RegisDataFragment optionarg; + + if (!extract_regis_option(&state->input, &state->option, &optionarg)) +@@ -5586,13 +5626,18 @@ parse_regis_option(RegisParseState *state, RegisGraphicsContext *context) + state->option, fragment_to_tempstr(&optionarg))); + break; + } { +- char reply[64]; ++ unsigned err_code = 0U; ++ unsigned err_char = 0U; + + TRACE(("got report last error condition\n")); + /* FIXME: implement after adding error tracking */ +- sprintf(reply, "\"%u,%u\"\r", 0U, 0U); +- unparseputs(context->display_graphic->xw, reply); +- unparse_end(context->display_graphic->xw); ++ unparseputc(xw, D_QUOTE); ++ unparseputn(xw, err_code); ++ unparseputc(xw, ','); ++ unparseputn(xw, err_char); ++ unparseputc(xw, D_QUOTE); ++ unparseputc(xw, '\r'); ++ unparse_end(xw); + } + break; + case 'I': +@@ -5639,8 +5684,8 @@ parse_regis_option(RegisParseState *state, RegisGraphicsContext *context) + /* FIXME: implement arrow key movement */ + /* FIXME: implement button/key collection */ + +- unparseputs(context->display_graphic->xw, "\r"); +- unparse_end(context->display_graphic->xw); ++ unparseputc(xw, '\r'); ++ unparse_end(xw); + + skip_regis_whitespace(&optionarg); + if (!fragment_consumed(&optionarg)) { +@@ -5657,25 +5702,22 @@ parse_regis_option(RegisParseState *state, RegisGraphicsContext *context) + if (!fragment_consumed(&optionarg)) { + TRACE(("DATA_ERROR: unexpected arguments to ReGIS report command option '%c' arg \"%s\"\n", + state->option, fragment_to_tempstr(&optionarg))); +- break; +- } { +- char buffer[32]; +- +- if (state->load_index == MAX_REGIS_ALPHABETS) { +- /* If this happens something went wrong elsewhere. */ +- TRACE(("DATA_ERROR: unable to report current load alphabet\n")); +- unparseputs(context->display_graphic->xw, "A0\"\"\r"); +- unparse_end(context->display_graphic->xw); +- break; ++ } else if (state->load_index == MAX_REGIS_ALPHABETS) { ++ /* If this happens something went wrong elsewhere. */ ++ TRACE(("DATA_ERROR: unable to report current load alphabet\n")); ++ unparseputs(xw, "A0\"\"\r"); ++ unparse_end(xw); ++ } else { ++ int delim = pick_quote(state->load_name); ++ if (delim != '\0') { ++ unparseputs(xw, "A"); ++ unparseputn(xw, state->load_alphabet); ++ unparseputc(xw, delim); ++ unparseputs(xw, state->load_name); ++ unparseputc(xw, delim); + } +- +- unparseputs(context->display_graphic->xw, "A"); +- sprintf(buffer, "%u", state->load_alphabet); +- unparseputs(context->display_graphic->xw, buffer); +- unparseputs(context->display_graphic->xw, "\""); +- unparseputs(context->display_graphic->xw, state->load_name); +- unparseputs(context->display_graphic->xw, "\"\r"); +- unparse_end(context->display_graphic->xw); ++ unparseputc(xw, '\r'); ++ unparse_end(xw); + } + break; + case 'M': +@@ -5717,13 +5759,18 @@ parse_regis_option(RegisParseState *state, RegisGraphicsContext *context) + } + + if (name == '=') { +- char reply[64]; ++ unsigned max_available = 1000U; ++ unsigned cur_available = max_available; + + TRACE(("got report macrograph storage request\n")); + /* FIXME: Implement when macrographs are supported. */ +- sprintf(reply, "\"%u,%u\"\r", 1000U, 1000U); +- unparseputs(context->display_graphic->xw, reply); +- unparse_end(context->display_graphic->xw); ++ unparseputc(xw, D_QUOTE); ++ unparseputn(xw, cur_available); ++ unparseputc(xw, ','); ++ unparseputn(xw, max_available); ++ unparseputc(xw, D_QUOTE); ++ unparseputc(xw, '\r'); ++ unparse_end(xw); + } else if (name < 'A' || name > 'Z') { + TRACE(("DATA_ERROR: invalid macrograph name: \"%c\"\n", name)); + /* FIXME: what should happen? */ +@@ -5732,12 +5779,13 @@ parse_regis_option(RegisParseState *state, RegisGraphicsContext *context) + char temp[8]; + + TRACE(("got report macrograph request for name '%c'\n", name)); +- sprintf(temp, "@=%c", name); +- unparseputs(context->display_graphic->xw, temp); ++ unparseputs(xw, "@="); ++ unparseputc(xw, name); + /* FIXME: Allow this to be disabled for security reasons. */ + /* FIXME: implement when macrographs are supported. */ +- unparseputs(context->display_graphic->xw, "@;\r"); +- unparse_end(context->display_graphic->xw); ++ unparseputs(xw, "@;"); ++ unparseputc(xw, '\r'); ++ unparse_end(xw); + } + } + break; +@@ -5785,78 +5833,61 @@ parse_regis_option(RegisParseState *state, RegisGraphicsContext *context) + TRACE(("got report cursor position (output=%d)\n", output)); + + /* FIXME: look into supporting ANSI locator reports (DECLRP) */ ++ unparseputc(xw, L_BLOK); + if (output == 1) { +- char reply[64]; ++ /* FIXME: verify in absolute, not user, coordinates */ ++ unparseputn(xw, (unsigned) context->graphics_output_cursor_x); ++ unparseputc(xw, ','); ++ unparseputn(xw, (unsigned) context->graphics_output_cursor_y); ++ } else if (context->multi_input_mode) { ++ /* FIXME: track input coordinates */ ++ unsigned x = 0, y = 0; /* placeholders */ ++ ++ /* send CSI240~[x,y]\r with current input cursor location */ ++ ++ /* FIXME: verify no leading char or button sequence */ ++ /* FIXME: should we ever send an eight-bit CSI? */ + + /* FIXME: verify in absolute, not user, coordinates */ +- sprintf(reply, "[%d,%d]\r", +- context->graphics_output_cursor_x, +- context->graphics_output_cursor_y); +- unparseputs(context->display_graphic->xw, reply); +- unparse_end(context->display_graphic->xw); ++ TRACE(("sending multi-mode input report at %u,%u\n", x, y)); ++ unparseputn(xw, x); ++ unparseputc(xw, ','); ++ unparseputn(xw, y); + } else { +- char reply[64]; +- int x, y; +- +- if (context->multi_input_mode) { +- /* FIXME: track input coordinates */ +- x = y = 0; /* placeholders */ +- +- /* send CSI240~[x,y]\r with current input cursor location */ +- +- /* FIXME: verify no leading char or button sequence */ +- /* FIXME: should we ever send an eight-bit CSI? */ +- /* FIXME: verify in absolute, not user, coordinates */ +- TRACE(("sending multi-mode input report at %d,%d\n", +- x, y)); +- sprintf(reply, "[%d,%d]\r", x, y); +- unparseputs(context->display_graphic->xw, reply); +- unparse_end(context->display_graphic->xw); +- break; +- } else { +- char ch; +- +- /* FIXME: wait for first non-arrow keypress or mouse click, and don't update graphics while waiting */ +- ch = ' '; /* placeholder */ +- x = y = 0; /* placeholders */ +- +- /* send <key or button>[x,y]\r to report input cursor location */ +- +- /* null button: CSI240~ */ +- /* left button: CSI241~ */ +- /* middle button: CSI243~ */ +- /* right button: CSI245~ */ +- /* extra button: CSI247~ */ +- /* FIXME: support DECLBD to change button assignments */ +- /* FIXME: verify no leading char or button sequence */ +- TRACE(("sending one-shot input report with %c at %d,%d\n", +- ch, x, y)); +-#if 0 /* FIXME - dead code */ +- if (ch == '\r') { +- /* Return only reports the location. */ +- sprintf(reply, "[%d,%d]\r", x, y); +- } else if (ch == '\177') { +- /* DEL exits locator mode reporting nothing. */ +- sprintf(reply, "\r"); +- } else +-#endif +- { +- sprintf(reply, "%c[%d,%d]\r", ch, x, y); +- } +- unparseputs(context->display_graphic->xw, reply); +- unparse_end(context->display_graphic->xw); +- /* FIXME: exit one-shot mode and disable input cursor */ +- break; ++ ++ char ch = ' '; /* placeholder */ ++ unsigned x = 0, y = 0; /* placeholders */ ++ ++ /* FIXME: wait for first non-arrow keypress or mouse click, and don't update graphics while waiting */ ++ /* send <key or button>[x,y]\r to report input cursor location */ ++ ++ /* null button: CSI240~ */ ++ /* left button: CSI241~ */ ++ /* middle button: CSI243~ */ ++ /* right button: CSI245~ */ ++ /* extra button: CSI247~ */ ++ /* FIXME: support DECLBD to change button assignments */ ++ /* FIXME: verify no leading char or button sequence */ ++ TRACE(("sending one-shot input report with %c at %u,%u\n", ++ ch, x, y)); ++ if (ch != '\177') { ++ unparseputn(xw, x); ++ unparseputc(xw, ','); ++ unparseputn(xw, y); + } ++ /* FIXME: exit one-shot mode and disable input cursor */ + } ++ unparseputc(xw, R_BLOK); ++ unparseputc(xw, '\r'); ++ unparse_end(xw); + } + break; + default: + TRACE(("DATA_ERROR: sending empty report for unknown ReGIS report command option '%c' arg \"%s\"\n", + state->option, fragment_to_tempstr(&optionarg))); + /* Unknown report request types must receive empty reports. */ +- unparseputs(context->display_graphic->xw, "\r"); +- unparse_end(context->display_graphic->xw); ++ unparseputs(xw, "\r"); ++ unparse_end(xw); + break; + } + break; +@@ -6154,7 +6185,7 @@ parse_regis_option(RegisParseState *state, RegisGraphicsContext *context) + + TRACE(("using display page number: %d\n", page)); + context->display_page = (unsigned) page; +- map_regis_graphics_pages(context->display_graphic->xw, context); ++ map_regis_graphics_pages(xw, context); + } + break; + case 'T': +-- +2.35.7 + diff --git a/meta-oe/recipes-graphics/xorg-app/xterm_372.bb b/meta-oe/recipes-graphics/xorg-app/xterm_372.bb index 223bc0a498..84308b1848 100644 --- a/meta-oe/recipes-graphics/xorg-app/xterm_372.bb +++ b/meta-oe/recipes-graphics/xorg-app/xterm_372.bb @@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://xterm.h;beginline=3;endline=31;md5=5ec6748ed90e588caa SRC_URI = "http://invisible-mirror.net/archives/${BPN}/${BP}.tgz \ file://0001-Add-configure-time-check-for-setsid.patch \ file://CVE-2022-45063.patch \ + file://CVE-2023-40359.patch \ " SRC_URI[sha256sum] = "c6d08127cb2409c3a04bcae559b7025196ed770bb7bf26630abcb45d95f60ab1" diff --git a/meta-oe/recipes-graphics/xscreensaver/xscreensaver_6.01.bb b/meta-oe/recipes-graphics/xscreensaver/xscreensaver_6.01.bb index 2ab5297949..a5271f08bd 100644 --- a/meta-oe/recipes-graphics/xscreensaver/xscreensaver_6.01.bb +++ b/meta-oe/recipes-graphics/xscreensaver/xscreensaver_6.01.bb @@ -6,6 +6,8 @@ LIC_FILES_CHKSUM = "file://driver/xscreensaver.h;endline=10;md5=c3ce41cdff745eb1 SRC_URI = "https://www.jwz.org/${BPN}/${BP}.tar.gz" SRC_URI[sha256sum] = "085484665d91f60b4a1dedacd94bcf9b74b0fb096bcedc89ff1c245168e5473b" +MIRRORS += "https://www.jwz.org/${BPN} https://ftp.osuosl.org/pub/blfs/conglomeration/${BPN}" + SRC_URI += " \ file://xscreensaver.service \ file://0001-build-Do-not-build-po-files.patch \ |