diff options
| author |   Archana Polampalli <archana.polampalli@windriver.com> | 2024-05-08 12:24:55 +0000 |
|---|---|---|
| committer |   Steve Sakoman <steve@sakoman.com> | 2024-05-09 06:07:19 -0700 |
| commit | 32fc43f0c3c5481b2c38c2136706758dba054b6e (patch) | |
| tree | 0042b325b39b34e67071bc6851612cee02f70b7d | |
| parent | 24fd9b6756728a0337100f53a1c6e92aba092f9d (diff) | |
| download | openembedded-core-contrib-32fc43f0c3c5481b2c38c2136706758dba054b6e.tar.gz | |
xserver-xorg: fix CVE-2024-31082
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
| -rw-r--r-- | meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31082.patch | 52 | ||||
| -rw-r--r-- | meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb | 1 |
2 files changed, 53 insertions, 0 deletions
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31082.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31082.patch new file mode 100644 index 0000000000..81d76977bb --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31082.patch @@ -0,0 +1,52 @@ +From 6c684d035c06fd41c727f0ef0744517580864cef Mon Sep 17 00:00:00 2001 +From: Alan Coopersmith <alan.coopersmith@oracle.com> +Date: Fri, 22 Mar 2024 19:07:34 -0700 +Subject: [PATCH] Xquartz: ProcAppleDRICreatePixmap needs to use unswapped + length to send reply + +CVE-2024-31082 + +Fixes: 14205ade0 ("XQuartz: appledri: Fix byte swapping in replies") +Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> +Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1463> + +CVE: CVE-2024-31082 + +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/6c684d035c06fd4] + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + hw/xquartz/xpr/appledri.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/hw/xquartz/xpr/appledri.c b/hw/xquartz/xpr/appledri.c +index 7757465..40422b6 100644 +--- a/hw/xquartz/xpr/appledri.c ++++ b/hw/xquartz/xpr/appledri.c +@@ -272,6 +272,7 @@ ProcAppleDRICreatePixmap(ClientPtr client) + xAppleDRICreatePixmapReply rep; + int width, height, pitch, bpp; + void *ptr; ++ CARD32 stringLength; + + REQUEST_SIZE_MATCH(xAppleDRICreatePixmapReq); + +@@ -307,6 +308,7 @@ ProcAppleDRICreatePixmap(ClientPtr client) + if (sizeof(rep) != sz_xAppleDRICreatePixmapReply) + ErrorF("error sizeof(rep) is %zu\n", sizeof(rep)); + ++ stringLength = rep.stringLength; /* save unswapped value */ + if (client->swapped) { + swaps(&rep.sequenceNumber); + swapl(&rep.length); +@@ -319,7 +321,7 @@ ProcAppleDRICreatePixmap(ClientPtr client) + } + + WriteToClient(client, sizeof(rep), &rep); +- WriteToClient(client, rep.stringLength, path); ++ WriteToClient(client, stringLength, path); + + return Success; + } +-- +2.40.0 diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb index b9eed92103..0a8cb7d81a 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb @@ -18,6 +18,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://CVE-2024-0409.patch \ file://CVE-2024-31080.patch \ file://CVE-2024-31081.patch \ + file://CVE-2024-31082.patch \ " SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152" |