From patchwork Mon May 13 12:18:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 43501 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 518F0C25B10 for ; Mon, 13 May 2024 12:18:29 +0000 (UTC) Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com [209.85.214.170]) by mx.groups.io with SMTP id smtpd.web11.58752.1715602700532728208 for ; Mon, 13 May 2024 05:18:20 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=cQYMUjRO; spf=softfail (domain: sakoman.com, ip: 209.85.214.170, mailfrom: steve@sakoman.com) Received: by mail-pl1-f170.google.com with SMTP id d9443c01a7336-1ed96772f92so34667835ad.0 for ; Mon, 13 May 2024 05:18:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1715602700; x=1716207500; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=0GJsDKjo/1yxtSTYL9koEbC4h+xVUEEj3kUncyP2cMc=; b=cQYMUjRO+EMPGxUtSIhaZKMaj8/LQdwnbIDkIHhuHAX6KgiwIWPEDIWheLCl4ABSDh KTtnbWlQ13Q8fzkMW+A64DoTareal+QeAcSa4E6s0hTI8R9g8UuaV5Zf5uT4xbQ5bT0l u0BiSsIxMtTXbQZQUBnjU3tAxsbSlUTnq95LPvSg9zZeOHyFSav39dYS4l+zEKMhymNJ 6uocFsEBwNIhi4zBuJ+Hw5NEKBBOQ/46AD5DJhYTNNo3YEWXMo2OgSMO2tJbZgEsCk/p Iyu9yday8F88RWbzv3+L9Pfg5ORgimgIWEVkzUWbXarnsr7D0F71BTjNYZyO8aPXaz1M nrUQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715602700; x=1716207500; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0GJsDKjo/1yxtSTYL9koEbC4h+xVUEEj3kUncyP2cMc=; b=O+MD4VgezoplaW5KrE6X0YgTC6oJVJSXr11myqflJpHavfLMAhJcVz7nxLjHO4g1qF 9kFvbgS1rFI7mmQOkldrjVnog8cR+l5Fr5QSha6kXPX/aG1B+19AURzxG9V6LWFUuShM sBzAYCaRCYah6nFjJpO0XjxdOMTFSjEP+ZdsYx0Y1mOwbpLYQxlJtOrRO0UxwH7SLwov jDKhO8YGPnRlYRHoI/bC4xAWZ3q5XaF6kO+0LacNWzfmnbfKGbvjF4gkIL2uhHOZ/QiD Hi4F8dllhxyRCc5K06FWdM0DO9SxByUzwYCj7hdhq/u9FVlbia0F9UM+sRTDM/SkRW8B RtIg== X-Gm-Message-State: AOJu0YwHff3A01bDgc9Eo74iaCIi3GiCf/5wMfjtjw3gSHLXlpIEC09Z x0aPnH0OG0LakSwDC1a6TUfsPXx/i13tON9F2TQEQYdjjVXzZVYxSSh6CuKY1VibcrJ8vZJ+kqK 6HoM= X-Google-Smtp-Source: AGHT+IGWnhdOEVWF407/Zz2VIU1o2/SURNdkBxPpC7+g1MhbErD8j6++p1IPUmv9KCIq5nsG7/qXhg== X-Received: by 2002:a17:902:db09:b0:1e4:2451:c2b5 with SMTP id d9443c01a7336-1ef43c0f6d1mr123374605ad.13.1715602699511; Mon, 13 May 2024 05:18:19 -0700 (PDT) Received: from xps13.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ef0bf30b85sm77599225ad.181.2024.05.13.05.18.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 13 May 2024 05:18:19 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 1/6] xserver-xorg: fix CVE-2024-31082 Date: Mon, 13 May 2024 05:18:07 -0700 Message-Id: <32fc43f0c3c5481b2c38c2136706758dba054b6e.1715602539.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 13 May 2024 12:18:29 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/199233 From: Archana Polampalli Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- .../xserver-xorg/CVE-2024-31082.patch | 52 +++++++++++++++++++ .../xorg-xserver/xserver-xorg_21.1.8.bb | 1 + 2 files changed, 53 insertions(+) create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31082.patch diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31082.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31082.patch new file mode 100644 index 0000000000..81d76977bb --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31082.patch @@ -0,0 +1,52 @@ +From 6c684d035c06fd41c727f0ef0744517580864cef Mon Sep 17 00:00:00 2001 +From: Alan Coopersmith +Date: Fri, 22 Mar 2024 19:07:34 -0700 +Subject: [PATCH] Xquartz: ProcAppleDRICreatePixmap needs to use unswapped + length to send reply + +CVE-2024-31082 + +Fixes: 14205ade0 ("XQuartz: appledri: Fix byte swapping in replies") +Signed-off-by: Alan Coopersmith +Part-of: + +CVE: CVE-2024-31082 + +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/6c684d035c06fd4] + +Signed-off-by: Archana Polampalli +--- + hw/xquartz/xpr/appledri.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/hw/xquartz/xpr/appledri.c b/hw/xquartz/xpr/appledri.c +index 7757465..40422b6 100644 +--- a/hw/xquartz/xpr/appledri.c ++++ b/hw/xquartz/xpr/appledri.c +@@ -272,6 +272,7 @@ ProcAppleDRICreatePixmap(ClientPtr client) + xAppleDRICreatePixmapReply rep; + int width, height, pitch, bpp; + void *ptr; ++ CARD32 stringLength; + + REQUEST_SIZE_MATCH(xAppleDRICreatePixmapReq); + +@@ -307,6 +308,7 @@ ProcAppleDRICreatePixmap(ClientPtr client) + if (sizeof(rep) != sz_xAppleDRICreatePixmapReply) + ErrorF("error sizeof(rep) is %zu\n", sizeof(rep)); + ++ stringLength = rep.stringLength; /* save unswapped value */ + if (client->swapped) { + swaps(&rep.sequenceNumber); + swapl(&rep.length); +@@ -319,7 +321,7 @@ ProcAppleDRICreatePixmap(ClientPtr client) + } + + WriteToClient(client, sizeof(rep), &rep); +- WriteToClient(client, rep.stringLength, path); ++ WriteToClient(client, stringLength, path); + + return Success; + } +-- +2.40.0 diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb index b9eed92103..0a8cb7d81a 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb @@ -18,6 +18,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://CVE-2024-0409.patch \ file://CVE-2024-31080.patch \ file://CVE-2024-31081.patch \ + file://CVE-2024-31082.patch \ " SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152" From patchwork Mon May 13 12:18:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 43503 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7842EC25B79 for ; Mon, 13 May 2024 12:18:29 +0000 (UTC) Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com [209.85.214.178]) by mx.groups.io with SMTP id smtpd.web10.58494.1715602701990650139 for ; Mon, 13 May 2024 05:18:22 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=RoJM73SF; spf=softfail (domain: sakoman.com, ip: 209.85.214.178, mailfrom: steve@sakoman.com) Received: by mail-pl1-f178.google.com with SMTP id d9443c01a7336-1e50a04c317so22271425ad.1 for ; Mon, 13 May 2024 05:18:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1715602701; x=1716207501; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=lRFSOynMZXZsQQNt7BAW4VbYkJIH/6jY0ck+JPNbLwE=; b=RoJM73SF98Y2e4qXVPU4YrSxI+AUYn+teUGvJ7xsPtBOInOpkdhoj345SF2HHvNSpn Er/n3g+yuajQ2tgZuIMKayk8lNMFrd43lshAOOo859GBsLZxymCPWAR4xz7cZo8nhMdm +lLGCu6Q605+rdHOkQ7A+ZbqsdmZqPwoELkGoNNLRIot2t4pC4x1KMFH6QnBbJ0DPpZD 97UzlAj9vHJHPzywW71iA7pmgw1H+5s21tbzL+5sHQdhv9NzMI73oO1nfLTa8KhkERSD Ih7onxTjV738F7SKLb1dNnnFhbn0tMGv7FX6IOwjY0DqkAWGN8yu+FW/Ee/NWRk5D41m 2zkA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715602701; x=1716207501; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=lRFSOynMZXZsQQNt7BAW4VbYkJIH/6jY0ck+JPNbLwE=; b=bT6V2GfvV3TsuZti+cZvAIuumFu546xv72G/M8m6RLxecv+JpzT/HbvnZ1yMOHvvqt nD7O7sLpdTaI07W8wpaCDOXR9JVTvnq3Bd0sBlXGGuqi7nuh6CLy1GCHGIIsv8pei4PA MKpQc4RaRwJJtyH5UsWPYPHW0Ti7AFBKfuxG4iSGsDFTzUQeAi6wImQAc9+b/ZgPE8ix 7L/rsTwYcPA+XiPADmpCvWGcn6ggW+LXm0ujXdJz/FIBJHQjGLm1hdYoIXSttgBLsvoB fuFv5ojR/XgO3zhQdUuFmWU0HKpAoOQt7cZX0X0TbrvbYwFKhV6sxqXgRmkF1ozXTVaE PdAg== X-Gm-Message-State: AOJu0YzD2vhS0to6fC6AOgRfbpyTHXdWkiHWGI784RcbDC0YeqafHnW+ UDxvlAJq5T+qP25VxGAKX5u3OilWQqgydm8RmvU9zJICyAb+SFZFlgQ/tlCuPvflUnrF3qR04/T UVok= X-Google-Smtp-Source: AGHT+IFBBFEb9ndjADTHcB3SSUhpVefL8ZcNjVGYayYHQonDz4CdyNXy60BzJDxPmAJ64p6LAiXuww== X-Received: by 2002:a17:903:1ce:b0:1e3:d4eb:a0f2 with SMTP id d9443c01a7336-1ef4404956emr109939085ad.51.1715602701052; Mon, 13 May 2024 05:18:21 -0700 (PDT) Received: from xps13.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ef0bf30b85sm77599225ad.181.2024.05.13.05.18.20 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 13 May 2024 05:18:20 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 2/6] xserver-xorg: fix CVE-2024-31083 Date: Mon, 13 May 2024 05:18:08 -0700 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 13 May 2024 12:18:29 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/199234 From: Archana Polampalli FreeGlyph() function declared in render/glyphstr_priv.h, it is not present in current recipe version and introduced in later versions, added this change to render/glyphstr.h Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- .../xserver-xorg/CVE-2024-31083-0001.patch | 117 ++++++++++++++++++ .../xserver-xorg/CVE-2024-31083-0002.patch | 76 ++++++++++++ .../xorg-xserver/xserver-xorg_21.1.8.bb | 2 + 3 files changed, 195 insertions(+) create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31083-0001.patch create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31083-0002.patch diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31083-0001.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31083-0001.patch new file mode 100644 index 0000000000..1ef9d933ae --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31083-0001.patch @@ -0,0 +1,117 @@ +From bdca6c3d1f5057eeb31609b1280fc93237b00c77 Mon Sep 17 00:00:00 2001 +From: Peter Hutterer +Date: Tue, 30 Jan 2024 13:13:35 +1000 +Subject: [PATCH] render: fix refcounting of glyphs during ProcRenderAddGlyphs + +Previously, AllocateGlyph would return a new glyph with refcount=0 and a +re-used glyph would end up not changing the refcount at all. The +resulting glyph_new array would thus have multiple entries pointing to +the same non-refcounted glyphs. + +AddGlyph may free a glyph, resulting in a UAF when the same glyph +pointer is then later used. + +Fix this by returning a refcount of 1 for a new glyph and always +incrementing the refcount for a re-used glyph, followed by dropping that +refcount back down again when we're done with it. + +CVE-2024-31083, ZDI-CAN-22880 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Part-of: + +CVE: CVE-2024-31083 + +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/bdca6c3d1f5057ee] + +Signed-off-by: Archana Polampalli +--- + render/glyph.c | 5 +++-- + render/glyphstr.h | 2 ++ + render/render.c | 15 +++++++++++---- + 3 files changed, 16 insertions(+), 6 deletions(-) + +diff --git a/render/glyph.c b/render/glyph.c +index f3ed9cf..d5fc5f3 100644 +--- a/render/glyph.c ++++ b/render/glyph.c +@@ -245,10 +245,11 @@ FreeGlyphPicture(GlyphPtr glyph) + } + } + +-static void ++void + FreeGlyph(GlyphPtr glyph, int format) + { + CheckDuplicates(&globalGlyphs[format], "FreeGlyph"); ++ BUG_RETURN(glyph->refcnt == 0); + if (--glyph->refcnt == 0) { + GlyphRefPtr gr; + int i; +@@ -354,7 +355,7 @@ AllocateGlyph(xGlyphInfo * gi, int fdepth) + glyph = (GlyphPtr) malloc(size); + if (!glyph) + return 0; +- glyph->refcnt = 0; ++ glyph->refcnt = 1; + glyph->size = size + sizeof(xGlyphInfo); + glyph->info = *gi; + dixInitPrivates(glyph, (char *) glyph + head_size, PRIVATE_GLYPH); +diff --git a/render/glyphstr.h b/render/glyphstr.h +index 2f51bd2..68f8c9e 100644 +--- a/render/glyphstr.h ++++ b/render/glyphstr.h +@@ -117,6 +117,8 @@ extern GlyphSetPtr AllocateGlyphSet(int fdepth, PictFormatPtr format); + extern int + FreeGlyphSet(void *value, XID gid); + ++void FreeGlyph(GlyphPtr glyph, int format); ++ + #define GLYPH_HAS_GLYPH_PICTURE_ACCESSOR 1 /* used for api compat */ + extern _X_EXPORT PicturePtr + GetGlyphPicture(GlyphPtr glyph, ScreenPtr pScreen); +diff --git a/render/render.c b/render/render.c +index 456f156..5bc2a20 100644 +--- a/render/render.c ++++ b/render/render.c +@@ -1076,6 +1076,7 @@ ProcRenderAddGlyphs(ClientPtr client) + + if (glyph_new->glyph && glyph_new->glyph != DeletedGlyph) { + glyph_new->found = TRUE; ++ ++glyph_new->glyph->refcnt; + } + else { + GlyphPtr glyph; +@@ -1168,8 +1169,10 @@ ProcRenderAddGlyphs(ClientPtr client) + err = BadAlloc; + goto bail; + } +- for (i = 0; i < nglyphs; i++) ++ for (i = 0; i < nglyphs; i++) { + AddGlyph(glyphSet, glyphs[i].glyph, glyphs[i].id); ++ FreeGlyph(glyphs[i].glyph, glyphSet->fdepth); ++ } + + if (glyphsBase != glyphsLocal) + free(glyphsBase); +@@ -1179,9 +1182,13 @@ ProcRenderAddGlyphs(ClientPtr client) + FreePicture((void *) pSrc, 0); + if (pSrcPix) + FreeScratchPixmapHeader(pSrcPix); +- for (i = 0; i < nglyphs; i++) +- if (glyphs[i].glyph && !glyphs[i].found) +- free(glyphs[i].glyph); ++ for (i = 0; i < nglyphs; i++) { ++ if (glyphs[i].glyph) { ++ --glyphs[i].glyph->refcnt; ++ if (!glyphs[i].found) ++ free(glyphs[i].glyph); ++ } ++ } + if (glyphsBase != glyphsLocal) + free(glyphsBase); + return err; +-- +2.40.0 diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31083-0002.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31083-0002.patch new file mode 100644 index 0000000000..3cea29f001 --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31083-0002.patch @@ -0,0 +1,76 @@ +From 337d8d48b618d4fc0168a7b978be4c3447650b04 Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan +Date: Fri, 5 Apr 2024 15:24:49 +0200 +Subject: [PATCH] render: Avoid possible double-free in ProcRenderAddGlyphs() + ProcRenderAddGlyphs() adds the glyph to the glyphset using AddGlyph() and + then frees it using FreeGlyph() to decrease the reference count, after + AddGlyph() has increased it. + +AddGlyph() however may chose to reuse an existing glyph if it's already +in the glyphSet, and free the glyph that was given, in which case the +caller function, ProcRenderAddGlyphs() will call FreeGlyph() on an +already freed glyph, as reported by ASan: + + READ of size 4 thread T0 + #0 in FreeGlyph xserver/render/glyph.c:252 + #1 in ProcRenderAddGlyphs xserver/render/render.c:1174 + #2 in Dispatch xserver/dix/dispatch.c:546 + #3 in dix_main xserver/dix/main.c:271 + #4 in main xserver/dix/stubmain.c:34 + #5 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 + #6 in __libc_start_main_impl ../csu/libc-start.c:360 + #7 (/usr/bin/Xwayland+0x44fe4) + Address is located 0 bytes inside of 64-byte region + freed by thread T0 here: + #0 in __interceptor_free libsanitizer/asan/asan_malloc_linux.cpp:52 + #1 in _dixFreeObjectWithPrivates xserver/dix/privates.c:538 + #2 in AddGlyph xserver/render/glyph.c:295 + #3 in ProcRenderAddGlyphs xserver/render/render.c:1173 + #4 in Dispatch xserver/dix/dispatch.c:546 + #5 in dix_main xserver/dix/main.c:271 + #6 in main xserver/dix/stubmain.c:34 + #7 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 + previously allocated by thread T0 here: + #0 in __interceptor_malloc libsanitizer/asan/asan_malloc_linux.cpp:69 + #1 in AllocateGlyph xserver/render/glyph.c:355 + #2 in ProcRenderAddGlyphs xserver/render/render.c:1085 + #3 in Dispatch xserver/dix/dispatch.c:546 + #4 in dix_main xserver/dix/main.c:271 + #5 in main xserver/dix/stubmain.c:34 + #6 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 + SUMMARY: AddressSanitizer: heap-use-after-free xserver/render/glyph.c:252 in FreeGlyph + +To avoid that, make sure not to free the given glyph in AddGlyph(). + +v2: Simplify the test using the boolean returned from AddGlyph() (Michel) +v3: Simplify even more by not freeing the glyph in AddGlyph() (Peter) + +Fixes: bdca6c3d1 - render: fix refcounting of glyphs during ProcRenderAddGlyphs +Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1659 +Signed-off-by: Olivier Fourdan +Part-of: + +CVE: CVE-2024-31083 + +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/337d8d48b618d4fc] + +Signed-off-by: Archana Polampalli +--- + render/glyph.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/render/glyph.c b/render/glyph.c +index d5fc5f3..f5069d4 100644 +--- a/render/glyph.c ++++ b/render/glyph.c +@@ -291,8 +291,6 @@ AddGlyph(GlyphSetPtr glyphSet, GlyphPtr glyph, Glyph id) + gr = FindGlyphRef(&globalGlyphs[glyphSet->fdepth], signature, + TRUE, glyph->sha1); + if (gr->glyph && gr->glyph != DeletedGlyph && gr->glyph != glyph) { +- FreeGlyphPicture(glyph); +- dixFreeObjectWithPrivates(glyph, PRIVATE_GLYPH); + glyph = gr->glyph; + } + else if (gr->glyph != glyph) { +-- +2.40.0 diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb index 0a8cb7d81a..fe577050d9 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb @@ -19,6 +19,8 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://CVE-2024-31080.patch \ file://CVE-2024-31081.patch \ file://CVE-2024-31082.patch \ + file://CVE-2024-31083-0001.patch \ + file://CVE-2024-31083-0002.patch \ " SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152" From patchwork Mon May 13 12:18:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 43506 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 85EF2C25B7A for ; Mon, 13 May 2024 12:18:29 +0000 (UTC) Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com [209.85.214.181]) by mx.groups.io with SMTP id smtpd.web11.58753.1715602703542971906 for ; Mon, 13 May 2024 05:18:23 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=yrflp0Xn; spf=softfail (domain: sakoman.com, ip: 209.85.214.181, mailfrom: steve@sakoman.com) Received: by mail-pl1-f181.google.com with SMTP id d9443c01a7336-1ecc23e6c9dso26917435ad.2 for ; Mon, 13 May 2024 05:18:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1715602703; x=1716207503; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=0PwwVO16PUEiypLLYTxQ73kQYnxeuDUJ+Wi6kkC3TMU=; b=yrflp0XnYAJapjA/+H/H52ibwVBCK6cqoUWN3H1UpQuGGyak1LCSsurl8dtufvA2ku qedY3+kXfnLcsEOXqIP4RbnEhrG/x2rVuJQcc9UR7EM7d2kEjsugChy9qebWR8PQhTmv N9d5jxt36FsMLjt4nS7kEYQXyXgOZta/DBFJg0Suc3DvycO9k5QUhhD157CVB84M4ujo G9Dcr/G8G0imHnFVQRdDKwid0uW0wlBbnvjzG4zClaQvVvQoE0KX+CGRAHBUe5cSeDao AvJKc8eNjMccRjhR1pBV2iu8gThUyuk8DfMoukuREUIgOYFXh5/2W8mlyrcxWz+OBzkL s0zw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715602703; x=1716207503; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0PwwVO16PUEiypLLYTxQ73kQYnxeuDUJ+Wi6kkC3TMU=; b=EUiADc6icuqRdT7br1us3sbDRCGC1NPHJNctOErzom7G7HaS0Enafokr2d1APq5sPR /qmgQgRXFlcUUQWvAaHn7aHaBcvTW4aezVsZjI/lY6GyqISltae5WbNomugzD/mS9Uye QmI1LP57MLZcvEudd1QmkuercqOjZFlhJAHB7bN8+t1iDDgI6YL00copHbugmjiP1euQ Ryda5hNeRf5I0I2AGT3TvBNnG57zQNKuv1klop8SuNqNwrZnoM+espZi6HNmby4q4dHB ybPAI6Ffd021OG50yS9YgmRLPpTk2TL90w8qniJ9d22741btcrcGtxEYdKy4nIElZ6Tr TUsg== X-Gm-Message-State: AOJu0YyN5djR0jaNzY/0encj/ysw2FHCGpD+0s5M1DbDzs7KVj1dc4Q3 6uGGZWdVmfaNsWbR8J2hlmBJqghEap0GwY+aO+wx8HLH+O7RtaDZ2Rs8puZonlHTypm/+SPbmhj Hhi8= X-Google-Smtp-Source: AGHT+IG3VZopxoKgMzAESOtR41QqgSCTZwFQqx08wRyKLC9WxGjCPL+NFR6Z5g3c6FsCG8S6tvT52g== X-Received: by 2002:a17:902:a389:b0:1e9:6609:37d4 with SMTP id d9443c01a7336-1ef43d0a0a4mr85795935ad.9.1715602702625; Mon, 13 May 2024 05:18:22 -0700 (PDT) Received: from xps13.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ef0bf30b85sm77599225ad.181.2024.05.13.05.18.21 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 13 May 2024 05:18:22 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 3/6] bluez5: Fix CVE-2023-27349 CVE-2023-50229 & CVE-2023-50230 Date: Mon, 13 May 2024 05:18:09 -0700 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 13 May 2024 12:18:29 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/199235 From: Vijay Anusuri Upstream-Status: Backport [https://github.com/bluez/bluez/commit/f54299a850676d92c3dafd83e9174fcfe420ccc9 & https://github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443] Signed-off-by: Vijay Anusuri Signed-off-by: Steve Sakoman --- meta/recipes-connectivity/bluez5/bluez5.inc | 2 + .../bluez5/bluez5/CVE-2023-27349.patch | 48 +++++++++++++ .../CVE-2023-50229_CVE-2023-50230.patch | 67 +++++++++++++++++++ 3 files changed, 117 insertions(+) create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2023-27349.patch create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2023-50229_CVE-2023-50230.patch diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc index 7786b65670..97193a5f1c 100644 --- a/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/meta/recipes-connectivity/bluez5/bluez5.inc @@ -55,6 +55,8 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ file://0001-test-gatt-Fix-hung-issue.patch \ file://CVE-2023-45866.patch \ + file://CVE-2023-27349.patch \ + file://CVE-2023-50229_CVE-2023-50230.patch \ " S = "${WORKDIR}/bluez-${PV}" diff --git a/meta/recipes-connectivity/bluez5/bluez5/CVE-2023-27349.patch b/meta/recipes-connectivity/bluez5/bluez5/CVE-2023-27349.patch new file mode 100644 index 0000000000..946208099a --- /dev/null +++ b/meta/recipes-connectivity/bluez5/bluez5/CVE-2023-27349.patch @@ -0,0 +1,48 @@ +From f54299a850676d92c3dafd83e9174fcfe420ccc9 Mon Sep 17 00:00:00 2001 +From: Luiz Augusto von Dentz +Date: Wed, 22 Mar 2023 11:34:24 -0700 +Subject: [PATCH] avrcp: Fix crash while handling unsupported events + +The following crash can be observed if the remote peer send and +unsupported event: + +ERROR: AddressSanitizer: heap-use-after-free on address 0x60b000148f11 + at pc 0x559644552088 bp 0x7ffe28b3c7b0 sp 0x7ffe28b3c7a0 + WRITE of size 1 at 0x60b000148f11 thread T0 + #0 0x559644552087 in avrcp_handle_event profiles/audio/avrcp.c:3907 + #1 0x559644536c22 in control_response profiles/audio/avctp.c:939 + #2 0x5596445379ab in session_cb profiles/audio/avctp.c:1108 + #3 0x7fbcb3e51c43 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x55c43) + #4 0x7fbcb3ea66c7 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xaa6c7) + #5 0x7fbcb3e512b2 in g_main_loop_run (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x552b2) + #6 0x559644754ab6 in mainloop_run src/shared/mainloop-glib.c:66 + #7 0x559644755606 in mainloop_run_with_signal src/shared/mainloop-notify.c:188 + #8 0x5596445bb963 in main src/main.c:1289 + #9 0x7fbcb3bafd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 + #10 0x7fbcb3bafe3f in __libc_start_main_impl ../csu/libc-start.c:392 + #11 0x5596444e8224 in _start (/usr/local/libexec/bluetooth/bluetoothd+0xf0224) + +Upstream-Status: Backport [https://github.com/bluez/bluez/commit/f54299a850676d92c3dafd83e9174fcfe420ccc9] +CVE: CVE-2023-27349 +Signed-off-by: Vijay Anusuri +--- + profiles/audio/avrcp.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/profiles/audio/avrcp.c b/profiles/audio/avrcp.c +index 80f34c7a77..dda9a303fb 100644 +--- a/profiles/audio/avrcp.c ++++ b/profiles/audio/avrcp.c +@@ -3901,6 +3901,12 @@ static gboolean avrcp_handle_event(struct avctp *conn, uint8_t code, + case AVRCP_EVENT_UIDS_CHANGED: + avrcp_uids_changed(session, pdu); + break; ++ default: ++ if (event > AVRCP_EVENT_LAST) { ++ warn("Unsupported event: %u", event); ++ return FALSE; ++ } ++ break; + } + + session->registered_events |= (1 << event); diff --git a/meta/recipes-connectivity/bluez5/bluez5/CVE-2023-50229_CVE-2023-50230.patch b/meta/recipes-connectivity/bluez5/bluez5/CVE-2023-50229_CVE-2023-50230.patch new file mode 100644 index 0000000000..92684d8210 --- /dev/null +++ b/meta/recipes-connectivity/bluez5/bluez5/CVE-2023-50229_CVE-2023-50230.patch @@ -0,0 +1,67 @@ +From 5ab5352531a9cc7058cce569607f3a6831464443 Mon Sep 17 00:00:00 2001 +From: Luiz Augusto von Dentz +Date: Tue, 19 Sep 2023 12:14:01 -0700 +Subject: [PATCH] pbap: Fix not checking Primary/Secundary Counter length + +Primary/Secundary Counters are supposed to be 16 bytes values, if the +server has implemented them incorrectly it may lead to the following +crash: + +================================================================= +==31860==ERROR: AddressSanitizer: heap-buffer-overflow on address +0x607000001878 at pc 0x7f95a1575638 bp 0x7fff58c6bb80 sp 0x7fff58c6b328 + + READ of size 48 at 0x607000001878 thread T0 + #0 0x7f95a1575637 in MemcmpInterceptorCommon(void*, int (*)(void const*, void const*, unsigned long), void const*, void const*, unsigned long) ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:860 + #1 0x7f95a1575ba6 in __interceptor_memcmp ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:892 + #2 0x7f95a1575ba6 in __interceptor_memcmp ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:887 + #3 0x564df69c77a0 in read_version obexd/client/pbap.c:288 + #4 0x564df69c77a0 in read_return_apparam obexd/client/pbap.c:352 + #5 0x564df69c77a0 in phonebook_size_callback obexd/client/pbap.c:374 + #6 0x564df69bea3c in session_terminate_transfer obexd/client/session.c:921 + #7 0x564df69d56b0 in get_xfer_progress_first obexd/client/transfer.c:729 + #8 0x564df698b9ee in handle_response gobex/gobex.c:1140 + #9 0x564df698cdea in incoming_data gobex/gobex.c:1385 + #10 0x7f95a12fdc43 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x55c43) + #11 0x7f95a13526c7 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xaa6c7) + #12 0x7f95a12fd2b2 in g_main_loop_run (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x552b2) + #13 0x564df6977d41 in main obexd/src/main.c:307 + #14 0x7f95a10a7d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 + #15 0x7f95a10a7e3f in __libc_start_main_impl ../csu/libc-start.c:392 + #16 0x564df6978704 in _start (/usr/local/libexec/bluetooth/obexd+0x8b704) + 0x607000001878 is located 0 bytes to the right of 72-byte region [0x607000001830,0x607000001878) + + allocated by thread T0 here: + #0 0x7f95a1595a37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154 + #1 0x564df69c8b6a in pbap_probe obexd/client/pbap.c:1259 + +Upstream-Status: Backport [https://github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443] +CVE: CVE-2023-50229 CVE-2023-50230 +Signed-off-by: Vijay Anusuri +--- + obexd/client/pbap.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/obexd/client/pbap.c b/obexd/client/pbap.c +index 1ed8c68ecc..2d2aa95089 100644 +--- a/obexd/client/pbap.c ++++ b/obexd/client/pbap.c +@@ -285,7 +285,7 @@ static void read_version(struct pbap_data *pbap, GObexApparam *apparam) + data = value; + } + +- if (memcmp(pbap->primary, data, len)) { ++ if (len == sizeof(pbap->primary) && memcmp(pbap->primary, data, len)) { + memcpy(pbap->primary, data, len); + g_dbus_emit_property_changed(conn, + obc_session_get_path(pbap->session), +@@ -299,7 +299,8 @@ static void read_version(struct pbap_data *pbap, GObexApparam *apparam) + data = value; + } + +- if (memcmp(pbap->secondary, data, len)) { ++ if (len == sizeof(pbap->secondary) && ++ memcmp(pbap->secondary, data, len)) { + memcpy(pbap->secondary, data, len); + g_dbus_emit_property_changed(conn, + obc_session_get_path(pbap->session), From patchwork Mon May 13 12:18:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 43505 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A0616C25B7B for ; Mon, 13 May 2024 12:18:29 +0000 (UTC) Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) by mx.groups.io with SMTP id smtpd.web11.58754.1715602704735923880 for ; Mon, 13 May 2024 05:18:24 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=GrgOjjgl; spf=softfail (domain: sakoman.com, ip: 209.85.214.177, mailfrom: steve@sakoman.com) Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-1ee5235f5c9so32197805ad.2 for ; Mon, 13 May 2024 05:18:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1715602704; x=1716207504; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=fC7C5vXMLOZCTLnWgeWGYPywrTNk/ZsS+y27pcllK0I=; b=GrgOjjglGUpQ0OmeJ2WLSLbG+8JN2bUAdoY4iEzaKeUc27BdgkBqkctq5YiRyQh661 2q/wf0MVqi+zIB+Ely+x6AoMH95oqBdkEU+DngtXKFNLMF0jm17XB0lyHD50xaPIoL6W cArl87HhXHFJ3uWEGjOkAqBc/GkS3Bp6IqciOBvcXNj3z4pPlAjQG52Avou/f8q/HxSB GWtvzuZUEuZ8JZHdCiXHn9+BRgxr7d93R3x6z1jHZi3AlSv5MaKJyDUFT1sQI9ApoxEj E3vKU/qRhp2O5ijkab4+0PjztktT3kEALGGG5BcoP5ieh2p/f5HjEn9l0NEGfP8RqQBC VA/g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715602704; x=1716207504; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=fC7C5vXMLOZCTLnWgeWGYPywrTNk/ZsS+y27pcllK0I=; b=UcZkaAdnOxpFiVLx924I+HQewGFlaC7NSWbzmvIg0d9NeXBV6Nh6x9ERiqo5E9Oq1A ++8iDlJ3zkm4cl+XofVvspCxmzj9yXZ9nLVF0LSfyefLmB4pC//ARKqiD6FlCOKol6Dd FBgSS7tadfabBSZwwSFiRcNOulI1oT8yPeH00YikOsBuMgZZatvPOdm+pl/qVwdEeuk0 SY+cDrLPcR5AXT8vZe4xjC7eunpHYDQF2uMIo7xJgfyyy0i/W9Wp2M2F0J21DNqiSj7i vAf7GgQXYMWXpLg0xODGwU2jDT2bBpUX2dfA02aQMgd29zCT0ZU85/Yuip8LowYpYp/C NiNg== X-Gm-Message-State: AOJu0YwCWIQn1ifXku9AT/hIy+/DwTYETRTmzU7eltoOR4/ARiPECoGl QGHeekTxvFm7w6QnodImbaQ5VUA73lRoa3fO5NicXXNjJS+oCieH3Yso205QxKpDXXCMsW7PBNM 3rRo= X-Google-Smtp-Source: AGHT+IFDc5gZQIL1aLfEpkLcjuVtEqckaXHGEiE8ofqkG/W52Ohf3V/Thkskqstih/+8Fb7F+2b+qQ== X-Received: by 2002:a17:903:2306:b0:1ec:53de:a527 with SMTP id d9443c01a7336-1ef4405999amr117682285ad.59.1715602703966; Mon, 13 May 2024 05:18:23 -0700 (PDT) Received: from xps13.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ef0bf30b85sm77599225ad.181.2024.05.13.05.18.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 13 May 2024 05:18:23 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 4/6] gstreamer1.0-plugins-bad: fix CVE-2023-50186 Date: Mon, 13 May 2024 05:18:10 -0700 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 13 May 2024 12:18:29 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/199236 From: Vijay Anusuri Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/a46737a73155fe1c19fa5115df40da35426f9fb5] Signed-off-by: Vijay Anusuri Signed-off-by: Steve Sakoman --- .../CVE-2023-50186.patch | 70 +++++++++++++++++++ .../gstreamer1.0-plugins-bad_1.20.7.bb | 1 + 2 files changed, 71 insertions(+) create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-50186.patch diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-50186.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-50186.patch new file mode 100644 index 0000000000..86bae8fcaa --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-50186.patch @@ -0,0 +1,70 @@ +From a46737a73155fe1c19fa5115df40da35426f9fb5 Mon Sep 17 00:00:00 2001 +From: Seungha Yang +Date: Thu, 23 Nov 2023 20:24:42 +0900 +Subject: [PATCH] av1parser: Fix array sizes in scalability structure + +Since the AV1 specification is not explicitly mentioning about +the array size bounds, array sizes in scalability structure +should be defined as possible maximum sizes that can have. + +Also, this commit removes GST_AV1_MAX_SPATIAL_LAYERS define from +public header which is API break but the define is misleading +and this patch is introducing ABI break already + +ZDI-CAN-22300 + +Part-of: + +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/a46737a73155fe1c19fa5115df40da35426f9fb5] +CVE: CVE-2023-50186 +Signed-off-by: Vijay Anusuri +--- + gst-libs/gst/codecparsers/gstav1parser.h | 11 +++++------ + gst/videoparsers/gstav1parse.c | 2 +- + 2 files changed, 6 insertions(+), 7 deletions(-) + +diff --git a/gst-libs/gst/codecparsers/gstav1parser.h b/gst-libs/gst/codecparsers/gstav1parser.h +index 31f5945..ef6ce9e 100644 +--- a/gst-libs/gst/codecparsers/gstav1parser.h ++++ b/gst-libs/gst/codecparsers/gstav1parser.h +@@ -71,9 +71,8 @@ G_BEGIN_DECLS + #define GST_AV1_MAX_TILE_COUNT 512 + #define GST_AV1_MAX_OPERATING_POINTS \ + (GST_AV1_MAX_NUM_TEMPORAL_LAYERS * GST_AV1_MAX_NUM_SPATIAL_LAYERS) +-#define GST_AV1_MAX_SPATIAL_LAYERS 2 /* correct? */ +-#define GST_AV1_MAX_TEMPORAL_GROUP_SIZE 8 /* correct? */ +-#define GST_AV1_MAX_TEMPORAL_GROUP_REFERENCES 8 /* correct? */ ++#define GST_AV1_MAX_TEMPORAL_GROUP_SIZE 255 ++#define GST_AV1_MAX_TEMPORAL_GROUP_REFERENCES 7 + #define GST_AV1_MAX_NUM_Y_POINTS 16 + #define GST_AV1_MAX_NUM_CB_POINTS 16 + #define GST_AV1_MAX_NUM_CR_POINTS 16 +@@ -968,9 +967,9 @@ struct _GstAV1MetadataScalability { + gboolean spatial_layer_dimensions_present_flag; + gboolean spatial_layer_description_present_flag; + gboolean temporal_group_description_present_flag; +- guint16 spatial_layer_max_width[GST_AV1_MAX_SPATIAL_LAYERS]; +- guint16 spatial_layer_max_height[GST_AV1_MAX_SPATIAL_LAYERS]; +- guint8 spatial_layer_ref_id[GST_AV1_MAX_SPATIAL_LAYERS]; ++ guint16 spatial_layer_max_width[GST_AV1_MAX_NUM_SPATIAL_LAYERS]; ++ guint16 spatial_layer_max_height[GST_AV1_MAX_NUM_SPATIAL_LAYERS]; ++ guint8 spatial_layer_ref_id[GST_AV1_MAX_NUM_SPATIAL_LAYERS]; + guint8 temporal_group_size; + + guint8 temporal_group_temporal_id[GST_AV1_MAX_TEMPORAL_GROUP_SIZE]; +diff --git a/gst/videoparsers/gstav1parse.c b/gst/videoparsers/gstav1parse.c +index f127856..ef1bc74 100644 +--- a/gst/videoparsers/gstav1parse.c ++++ b/gst/videoparsers/gstav1parse.c +@@ -1229,7 +1229,7 @@ gst_av1_parse_handle_sequence_obu (GstAV1Parse * self, GstAV1OBU * obu) + } + + val = (self->parser->state.operating_point_idc >> 8) & 0x0f; +- for (i = 0; i < (1 << GST_AV1_MAX_SPATIAL_LAYERS); i++) { ++ for (i = 0; i < GST_AV1_MAX_NUM_SPATIAL_LAYERS; i++) { + if (val & (1 << i)) + self->highest_spatial_id = i; + } +-- +2.25.1 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.7.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.7.bb index 4151e54284..dbe2b64c32 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.7.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.7.bb @@ -16,6 +16,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad file://CVE-2023-44429.patch \ file://CVE-2024-0444.patch \ file://CVE-2023-44446.patch \ + file://CVE-2023-50186.patch \ " SRC_URI[sha256sum] = "87251beebfd1325e5118cc67774061f6e8971761ca65a9e5957919610080d195" From patchwork Mon May 13 12:18:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 43502 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 52D63C25B75 for ; Mon, 13 May 2024 12:18:29 +0000 (UTC) Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179]) by mx.groups.io with SMTP id smtpd.web11.58757.1715602708919914292 for ; Mon, 13 May 2024 05:18:28 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=RqABP6+Z; spf=softfail (domain: sakoman.com, ip: 209.85.214.179, mailfrom: steve@sakoman.com) Received: by mail-pl1-f179.google.com with SMTP id d9443c01a7336-1ed835f3c3cso37544265ad.3 for ; Mon, 13 May 2024 05:18:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1715602708; x=1716207508; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=WTsWvdcpwjQ2hC3R4U3yF5DLeemUW9e7p/z/pRWJVdc=; b=RqABP6+ZXPpn2yrjng1ikb0lD6RSEFyDKQSKm51oE6SaRxhodE45BU97VsB9NKckPS 6EEvHgl6qNfTxb/lfNUuibxH5U2Ma2HrhUS+qTQ6So2cF8C6JSGMS4wyr6uK7LHv5Y6B A4lDiDG+ytn/mwdZFbCFT7c8TntQy9OiDbnYuJy/An0mMVjiHPkrtkz9j27jp3ov5Fx2 o3Y+E6Py9A1GMBHOMhwmwq2W4W7KPndLTcN5+R0xoby9t0MKhFvh1unK/UijHWGiMKMe z7QHs/x9OQyEYLU7VINdGzMOekLhSfvegjACcCFEJH1C55v6/8YgqtsoGTXsekfdp2hC wSzw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715602708; x=1716207508; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=WTsWvdcpwjQ2hC3R4U3yF5DLeemUW9e7p/z/pRWJVdc=; b=cwIGgo55bY/q7BJ1D0Hw1MCMmvvcEgngkqNSq6qvhd306slMtoHQvuLdTVg8Q4TD5U Wcsh2IjpOdhh6xgdJjM501nFjRMVD1FTxT6WyZSaGJKpzE/frs/5PXeokcCzKMpxuDHo aIuSPYAgXJxX2OpkIsr4zMgBDHOLKM4FHo02qAps2oDC53FJY1Vt7Y12SSM/kKunjI7T GbGc3F3Uomgu6Y5mZGFVbNYjwHRhbUskO67K+Kd8ZU8Mn4+QyJGH45BbPqcA2x8sISAv zxcKaNFx1uE7GExw+N/FY3dDGSGjPH2bnwiuqBlbSG21iGnmRDDVl5A9Owgo1/2DhHRl harw== X-Gm-Message-State: AOJu0YxKn79hQni0tPEysVvi5O0RNpHr6tWjZ3veyuKFri957wENwAy5 UmUVwtHI4iIYnH3Xe7uU8U8TaRS+gW6ZPBR0P/UDt/h3ZRRM0na2OUk4YTPARBJap8Wp5wk/w11 1T5I= X-Google-Smtp-Source: AGHT+IFJI23FHJpjj+G3jpaJ1nzGJeJv8hk/CBhQMZmEy8i4zO3tz9qALXyv9oXzFkAE1FgbTBuohA== X-Received: by 2002:a17:902:ecc7:b0:1e8:c994:b55b with SMTP id d9443c01a7336-1ef43d15786mr140205995ad.7.1715602705579; Mon, 13 May 2024 05:18:25 -0700 (PDT) Received: from xps13.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ef0bf30b85sm77599225ad.181.2024.05.13.05.18.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 13 May 2024 05:18:25 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 5/6] glibc: Update to latest on stable 2.35 branch Date: Mon, 13 May 2024 05:18:11 -0700 Message-Id: <10b57ae56e6205414a44531728f691fda59a16c7.1715602539.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 13 May 2024 12:18:29 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/199238 From: Peter Marko Adresses CVEs: CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 Changes: 54a666dc5c elf: Disable some subtests of ifuncmain1, ifuncmain5 for !PIE 3a38600cc7 malloc: Exit early on test failure in tst-realloc 924a98402a nscd: Use time_t for return type of addgetnetgrentX 396f065496 login: structs utmp, utmpx, lastlog _TIME_BITS independence (bug 30701) 77d8f49058 login: Check default sizes of structs utmp, utmpx, lastlog 8e7f0eba01 sparc: Remove 64 bit check on sparc32 wordsize (BZ 27574) 55771aba9d elf: Also compile dl-misc.os with $(rtld-early-cflags) 7a5864cac6 CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX (bug 31680) bafadc589f CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bug 31678) 4370bef52b CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bug 31678) 7a95873543 CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bug 31677) Since glibc introduced file sysdeps/arm/bits/wordsize.h our multilib patch needed to be updated. Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- meta/recipes-core/glibc/glibc-version.inc | 2 +- ...y-the-header-between-arm-and-aarch64.patch | 64 +++++++++++-------- meta/recipes-core/glibc/glibc_2.35.bb | 5 +- 3 files changed, 41 insertions(+), 30 deletions(-) diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc index cd8c7ecf94..1a8d51ef63 100644 --- a/meta/recipes-core/glibc/glibc-version.inc +++ b/meta/recipes-core/glibc/glibc-version.inc @@ -1,6 +1,6 @@ SRCBRANCH ?= "release/2.35/master" PV = "2.35" -SRCREV_glibc ?= "36280d1ce5e245aabefb877fe4d3c6cff95dabfa" +SRCREV_glibc ?= "54a666dc5c94897dab63856ba264ab2c53503303" SRCREV_localedef ?= "794da69788cbf9bf57b59a852f9f11307663fa87" GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git" diff --git a/meta/recipes-core/glibc/glibc/0018-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch b/meta/recipes-core/glibc/glibc/0018-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch index 3b2d638b5f..789d2edf23 100644 --- a/meta/recipes-core/glibc/glibc/0018-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch +++ b/meta/recipes-core/glibc/glibc/0018-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch @@ -11,16 +11,15 @@ Upstream-Status: Inappropriate [ OE-Specific ] Signed-off-by: Khem Raj --- - sysdeps/aarch64/bits/wordsize.h | 8 ++++++-- - sysdeps/{aarch64 => arm}/bits/wordsize.h | 10 +++++++--- - 2 files changed, 13 insertions(+), 5 deletions(-) - copy sysdeps/{aarch64 => arm}/bits/wordsize.h (80%) + sysdeps/aarch64/bits/wordsize.h | 11 +++++++++-- + sysdeps/arm/bits/wordsize.h | 16 +++++++++++++++- + 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/sysdeps/aarch64/bits/wordsize.h b/sysdeps/aarch64/bits/wordsize.h -index 4635431f0e..5ef0ed21f3 100644 +index 4635431f0e..1639bcb063 100644 --- a/sysdeps/aarch64/bits/wordsize.h +++ b/sysdeps/aarch64/bits/wordsize.h -@@ -17,12 +17,16 @@ +@@ -17,12 +17,19 @@ License along with the GNU C Library; if not, see . */ @@ -33,38 +32,47 @@ index 4635431f0e..5ef0ed21f3 100644 # define __WORDSIZE32_SIZE_ULONG 1 # define __WORDSIZE32_PTRDIFF_LONG 1 +#else -+# define __WORDSIZE 32 -+# define __WORDSIZE32_SIZE_ULONG 0 -+# define __WORDSIZE32_PTRDIFF_LONG 0 ++#define __WORDSIZE 32 ++#define __WORDSIZE_TIME64_COMPAT32 1 ++#define __WORDSIZE32_SIZE_ULONG 0 ++#define __WORDSIZE32_PTRDIFF_LONG 0 #endif ++#ifdef __aarch64__ #define __WORDSIZE_TIME64_COMPAT32 0 -diff --git a/sysdeps/aarch64/bits/wordsize.h b/sysdeps/arm/bits/wordsize.h -similarity index 80% -copy from sysdeps/aarch64/bits/wordsize.h -copy to sysdeps/arm/bits/wordsize.h -index 4635431f0e..34fcdef1f1 100644 ---- a/sysdeps/aarch64/bits/wordsize.h ++#endif +diff --git a/sysdeps/arm/bits/wordsize.h b/sysdeps/arm/bits/wordsize.h +index 6ecbfe7c86..1639bcb063 100644 +--- a/sysdeps/arm/bits/wordsize.h +++ b/sysdeps/arm/bits/wordsize.h -@@ -17,12 +17,16 @@ +@@ -1,4 +1,6 @@ +-/* Copyright (C) 1999-2024 Free Software Foundation, Inc. ++/* Determine the wordsize from the preprocessor defines. ++ ++ Copyright (C) 2016-2022 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or +@@ -15,7 +17,19 @@ License along with the GNU C Library; if not, see . */ --#ifdef __LP64__ +#if defined (__aarch64__) && defined (__LP64__) - # define __WORDSIZE 64 --#else ++# define __WORDSIZE 64 +#elif defined (__aarch64__) - # define __WORDSIZE 32 - # define __WORDSIZE32_SIZE_ULONG 1 - # define __WORDSIZE32_PTRDIFF_LONG 1 -+#else +# define __WORDSIZE 32 -+# define __WORDSIZE32_SIZE_ULONG 0 -+# define __WORDSIZE32_PTRDIFF_LONG 0 - #endif - - #define __WORDSIZE_TIME64_COMPAT32 0 ++# define __WORDSIZE32_SIZE_ULONG 1 ++# define __WORDSIZE32_PTRDIFF_LONG 1 ++#else + #define __WORDSIZE 32 + #define __WORDSIZE_TIME64_COMPAT32 1 + #define __WORDSIZE32_SIZE_ULONG 0 + #define __WORDSIZE32_PTRDIFF_LONG 0 ++#endif ++ ++#ifdef __aarch64__ ++#define __WORDSIZE_TIME64_COMPAT32 0 ++#endif -- 2.34.1 diff --git a/meta/recipes-core/glibc/glibc_2.35.bb b/meta/recipes-core/glibc/glibc_2.35.bb index 74d7f753d8..9400e1e920 100644 --- a/meta/recipes-core/glibc/glibc_2.35.bb +++ b/meta/recipes-core/glibc/glibc_2.35.bb @@ -24,7 +24,10 @@ CVE_CHECK_IGNORE += "CVE-2019-1010025" CVE_CHECK_IGNORE += "CVE-2023-4527" # To avoid these in cve-check reports since the recipe version did not change -CVE_CHECK_IGNORE += "CVE-2023-0687 CVE-2023-4813 CVE-2023-4806 CVE-2023-4911 CVE-2023-5156 CVE-2024-2961" +CVE_CHECK_IGNORE += " \ + CVE-2023-0687 CVE-2023-4813 CVE-2023-4806 CVE-2023-4911 CVE-2023-5156 \ + CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 \ +" DEPENDS += "gperf-native bison-native" From patchwork Mon May 13 12:18:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 43504 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 78BE3C25B78 for ; Mon, 13 May 2024 12:18:29 +0000 (UTC) Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mx.groups.io with SMTP id smtpd.web10.58497.1715602707714352586 for ; Mon, 13 May 2024 05:18:27 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=L7rRcsPs; spf=softfail (domain: sakoman.com, ip: 209.85.214.180, mailfrom: steve@sakoman.com) Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-1eb0e08bfd2so23238505ad.1 for ; Mon, 13 May 2024 05:18:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1715602707; x=1716207507; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=D25hoQrS/LAslEIvGRM52tmXlg7PHjkp9ZOq1dTJ4Ro=; b=L7rRcsPsBn1q4XVrtIpnngkBXPQ2YmoU4ep5gSk83y9ULlrBHtO+vlCsuRCQ6Df/1S PtLOCoRtU9nYl4QqWMdcLEMMisMV3yziKurudWlgATrdIhvkCBKJIefIxNR03nIMAmY2 lSNfBhcdgScVlYcOdvmGtLmtZZ70kZXjFlrRDvfemQp5oJtHgGBPqWqhgEdHZP67xucd DHZj/sSsU2WiFyTfJe6AF+1i3xdU6RRK5xvRitUtxgDFC+/p1wrBkhyEfyloRGT7CC/4 3kY96PZvIhGUo4DHgK/L0EhMbfbaf6vRyBmHV0zvMcxfjnuS/N2WH1IukqK3npdqM/gB ypiQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715602707; x=1716207507; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=D25hoQrS/LAslEIvGRM52tmXlg7PHjkp9ZOq1dTJ4Ro=; b=SzX8Qs0TynKo6OR2amG7042cd3lIHBNsQ3LKiwML3seV3H2hlYgzum+ZvN9Hca0iyd GiaPJFWdPPUmYCvlzSt4ScrBVovFllpJXm+YhAJhsStPmoWMzEmI9xI4g50smtfWtoLa FRcaIDWlYWO+yVo4JaGoa3tVjeDHquBnxkbRPfxWHqHgoKO4BmtbOV6sJZ31pZBT1bYg 9ptNXHHGQdlhXo9C8pKXYOGWS983t4WytUQE4f5dmsgRo+Oy4r7lUJ4+t5U2eIKyZl4Y f5GyHKnBrNrR+Yd5Ya7+eZfnJlIMN2UCW78S0SFzBDnUec+gccQXmbUkQOLC8jbNRDEA 5jsg== X-Gm-Message-State: AOJu0YxMuD8mK5m1pNKUrZNiriOIcAwcKC0vzS3VjGuRHc+xZUVUB4GF iUKmT+XRGws406wppbvi+HrfJn4lH7qA4JBYsVw8RdQRHvEHUe0uWAm1s+ztQRkMUzLkE2VVbYL nfMI= X-Google-Smtp-Source: AGHT+IHngR6+mTUTEzQHLw5K4aCckCBs9FTyVP8JIvHRRbopv7sUwH/BajSX56FTgPhHKdkgsmyc7A== X-Received: by 2002:a17:902:e842:b0:1e5:5bd7:87b4 with SMTP id d9443c01a7336-1ef43d17042mr107929015ad.18.1715602706986; Mon, 13 May 2024 05:18:26 -0700 (PDT) Received: from xps13.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ef0bf30b85sm77599225ad.181.2024.05.13.05.18.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 13 May 2024 05:18:26 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 6/6] libpciaccess: Remove duplicated license entry Date: Mon, 13 May 2024 05:18:12 -0700 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 13 May 2024 12:18:29 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/199237 From: Bhabu Bindu Remove duplicated MIT license entry for libpciaccess Duplication was done as part of below commit: Link: https://git.yoctoproject.org/poky/commit/meta/recipes-graphics/xorg-lib/libpciaccess_0.16.bb?h=kirkstone&id=b0130fcf91daee0d905af755302fabe608da141c Signed-off-by: Bhabu Bindu Signed-off-by: Steve Sakoman --- meta/recipes-graphics/xorg-lib/libpciaccess_0.16.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-graphics/xorg-lib/libpciaccess_0.16.bb b/meta/recipes-graphics/xorg-lib/libpciaccess_0.16.bb index d55315efc2..445f3751fe 100644 --- a/meta/recipes-graphics/xorg-lib/libpciaccess_0.16.bb +++ b/meta/recipes-graphics/xorg-lib/libpciaccess_0.16.bb @@ -11,7 +11,7 @@ SRC_URI += "\ SRC_URI[md5sum] = "b34e2cbdd6aa8f9cc3fa613fd401a6d6" SRC_URI[sha256sum] = "214c9d0d884fdd7375ec8da8dcb91a8d3169f263294c9a90c575bf1938b9f489" -LICENSE = "MIT & MIT" +LICENSE = "MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=277aada5222b9a22fbf3471ff3687068" REQUIRED_DISTRO_FEATURES = ""