diff options
| author |   Chee Yang Lee <chee.yang.lee@intel.com> | 2020-09-21 17:29:04 +0800 |
|---|---|---|
| committer |   Steve Sakoman <steve@sakoman.com> | 2020-09-28 07:55:37 -1000 |
| commit | 5919afe43083d9d0b818c26ca4d6c175efa0f7b5 (patch) | |
| tree | 6b07873d2b5760e9ffb53b9389bf229414fdccdb | |
| parent | d485870543fbc111832735ae713b2ec405ce78fa (diff) | |
| download | openembedded-core-contrib-5919afe43083d9d0b818c26ca4d6c175efa0f7b5.tar.gz | |
libx11: fix CVE-2020-14363
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
| -rw-r--r-- | meta/recipes-graphics/xorg-lib/libx11/CVE-2020-14363.patch | 36 | ||||
| -rw-r--r-- | meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb | 1 |
2 files changed, 37 insertions, 0 deletions
diff --git a/meta/recipes-graphics/xorg-lib/libx11/CVE-2020-14363.patch b/meta/recipes-graphics/xorg-lib/libx11/CVE-2020-14363.patch new file mode 100644 index 0000000000..60045e2890 --- /dev/null +++ b/meta/recipes-graphics/xorg-lib/libx11/CVE-2020-14363.patch @@ -0,0 +1,36 @@ +From acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d Mon Sep 17 00:00:00 2001 +From: Matthieu Herrb <matthieu@herrb.eu> +Date: Thu, 13 Aug 2020 18:02:58 +0200 +Subject: [PATCH] Fix an integer overflow in init_om() + +CVE-2020-14363 + +This can lead to a double free later, as reported by Jayden Rivers. + +Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> + +Upstream-Status: Backport +[https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d] +CVE: CVE-2020-14363 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + modules/om/generic/omGeneric.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/modules/om/generic/omGeneric.c b/modules/om/generic/omGeneric.c +index c44acb88..406cec93 100644 +--- a/modules/om/generic/omGeneric.c ++++ b/modules/om/generic/omGeneric.c +@@ -1908,7 +1908,8 @@ init_om( + char **required_list; + XOrientation *orientation; + char **value, buf[BUFSIZ], *bufptr; +- int count = 0, num = 0, length = 0; ++ int count = 0, num = 0; ++ unsigned int length = 0; + + _XlcGetResource(lcd, "XLC_FONTSET", "on_demand_loading", &value, &count); + if (count > 0 && _XlcCompareISOLatin1(*value, "True") == 0) +-- +GitLab + diff --git a/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb b/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb index 84e0e4457e..ebd2640743 100644 --- a/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb +++ b/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb @@ -14,6 +14,7 @@ SRC_URI += "file://Fix-hanging-issue-in-_XReply.patch \ file://disable_tests.patch \ file://libx11-whitespace.patch \ file://CVE-2020-14344.patch \ + file://CVE-2020-14363.patch \ " SRC_URI[md5sum] = "55adbfb6d4370ecac5e70598c4e7eed2" |