summaryrefslogtreecommitdiffstats
path: root/meta/recipes-graphics
Commit message (Collapse)AuthorAgeFilesLines
* xwayland: fix CVE-2025-49180Archana Polampalli2025-07-092-0/+46
| | | | | | | | | | | A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate. (From OE-Core rev: 78055e8b6a9ea5063658886c5b5d22821d689fc5) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xwayland: fix CVE-2025-49179Archana Polampalli2025-07-092-0/+70
| | | | | | | | | | | A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service. (From OE-Core rev: 589bf97e1aa236477d895c227446966d0a278f3c) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xwayland: fix CVE-2025-49178Archana Polampalli2025-07-092-0/+51
| | | | | | | | | | | A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service. (From OE-Core rev: 9ab0fb0deebd4abb22dbfc6b40fe962cb3388fbd) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xwayland: fix CVE-2025-49177Archana Polampalli2025-07-092-0/+56
| | | | | | | | | | | A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests (From OE-Core rev: 89dde7f86e1c2e61ed71ecf92e908dbe402a2668) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xwayland: fix CVE-2025-49176Archana Polampalli2025-07-093-0/+133
| | | | | | | | | | | A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check. (From OE-Core rev: 17033023d679a597e31964b0fed2b2e89cdf61ec) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xwayland: fix CVE-2025-49175Archana Polampalli2025-07-092-0/+93
| | | | | | | | | | | A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash. (From OE-Core rev: 2c8e82f860792e7fb99c78c512be57ce74774a34) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* mesa: Update SRC_URIGuocai He2025-04-042-2/+2
| | | | | | | | | | | | | | Update SRC_URI for mesa. The the tarball of mesa has been changed from: https://mesa.freedesktop.org/archive/ to: https://archive.mesa3d.org/ (From OE-Core rev: 6397cd1ad55927c312051cbd42d5825fa8ed969b) Signed-off-by: Guocai He <guocai.he.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* freetype: patch CVE-2025-27363Peter Marko2025-04-042-0/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | From [1]: An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild. Per [2] patches [3] and [4] are needed. Unfortunately, the code changed since 2.11.1 and it's not possible to do backport without significant changes. Since Debian and Ubuntu have already patched this CVE, take the patch from them - [5]/[6]. The patch is a combination of patch originally proposed in [7] and follow-up patch [4]. [1] https://nvd.nist.gov/vuln/detail/CVE-2025-27363 [2] https://gitlab.freedesktop.org/freetype/freetype/-/issues/1322 [3] https://gitlab.freedesktop.org/freetype/freetype/-/commit/ef636696524b081f1b8819eb0c6a0b932d35757d [4] https://gitlab.freedesktop.org/freetype/freetype/-/commit/73720c7c9958e87b3d134a7574d1720ad2d24442 [5] https://git.launchpad.net/ubuntu/+source/freetype/commit/?h=applied/ubuntu/jammy-devel&id=fc406fb02653852dfa5979672e3d8d56ed329186 [6] https://salsa.debian.org/debian/freetype/-/commit/13295227b5b0d717a343f276d77ad3b89fcc6ed0 [7] https://www.openwall.com/lists/oss-security/2025/03/14/3 (From OE-Core rev: 5a8d4c7a9a0e099da0294141cf5590b55f0503cd) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xwayland: fix CVE-2022-49737Yogita Urade2025-03-272-0/+91
| | | | | | | | | | | | | | | | | | | In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not acquire an input lock. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-49737 Upstream patch: https://gitlab.freedesktop.org/xorg/xserver/-/commit/dc7cb45482cea6ccec22d117ca0b489500b4d0a0 (From OE-Core rev: 740ea9019cf5cf309c5a4ef380eac17d21078ac8) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xserver-xorg: fix CVE-2022-49737Yogita Urade2025-03-272-0/+91
| | | | | | | | | | | | | | | | | | | In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not acquire an input lock. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-49737 Upstream patch: https://gitlab.freedesktop.org/xorg/xserver/-/commit/dc7cb45482cea6ccec22d117ca0b489500b4d0a0 (From OE-Core rev: c6a8ad45174a416c4129deb210eab9b7721ce01d) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* mesa: Fix missing GLES3 headers in SDK sysrootJohannes Kauffmann2025-03-081-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | Building weston with core-image-weston SDK fails: ``` ../libweston/renderer-gl/gl-shader-config-color-transformation.c:29:10: fatal error: GLES3/gl3.h: No such file or directory 29 | #include <GLES3/gl3.h> | ^~~~~~~~~~~~~ ``` Both GLES2 and GLES3 implementations are contained in libGLESv2.so.2, which is packaged in libgles2-mesa. However, the headers are split between libgles2-mesa-dev and libgles3-mesa-dev, which is why the GLES3 headers end up missing in the SDK sysroot. Add a dependency so the GLES3 headers are properly associated with the GLES3 implementation. (From OE-Core rev: 7e1308ec413e69a8427ac5998431005d9e4b8033) (From OE-Core rev: 0d9f2fcc2058407eb138297d9f8f12595851b963) Signed-off-by: Tom Hochstein <tom.hochstein@oss.nxp.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Johannes Kauffmann <johanneskauffmann@hotmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xwayland: Fix CVE-2025-26601Vijay Anusuri2025-03-085-0/+344
| | | | | | | | | | | | | | The patches are copied from xserver-xorg recipe. CVE reported for both and patches apply on both. Upstream-Commit: https://gitlab.freedesktop.org/xorg/xserver/-/commit/16a1242d & https://gitlab.freedesktop.org/xorg/xserver/-/commit/f52cea2f & https://gitlab.freedesktop.org/xorg/xserver/-/commit/8cbc90c8 & https://gitlab.freedesktop.org/xorg/xserver/-/commit/c2857989 (From OE-Core rev: 58f5a6a28d353f14c672bb99820608ec82f05e6e) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xwayland: Fix CVE-2025-26600Vijay Anusuri2025-03-082-0/+69
| | | | | | | | | | | | Patch copied from xserver-xorg recipe. CVE reported for both and patch apply on both. Upstream-Commit: https://gitlab.freedesktop.org/xorg/xserver/-/commit/6e0f332b (From OE-Core rev: b02bf5f9abb4d2a514f9ea883cd1fe6057367c92) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xwayland: Fix CVE-2025-26599Vijay Anusuri2025-03-083-0/+197
| | | | | | | | | | | | The patches are copied from xserver-xorg recipe. CVE reported for both and patches apply on both. Upstream-Commit: https://gitlab.freedesktop.org/xorg/xserver/-/commit/c1ff84be & https://gitlab.freedesktop.org/xorg/xserver/-/commit/b07192a8 (From OE-Core rev: d79cd91d2abc1b0e9e1e47d18af140d351dce298) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xwayland: Fix CVE-2025-26598Vijay Anusuri2025-03-082-0/+121
| | | | | | | | | | | | Patch copied from xserver-xorg recipe. CVE reported for both and patch apply on both. Upstream-Commit: https://gitlab.freedesktop.org/xorg/xserver/-/commit/bba9df1a (From OE-Core rev: f01c281b94ff137003ef108e33a8c3230c541c46) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xwayland: Fix CVE-2025-26597Vijay Anusuri2025-03-082-0/+47
| | | | | | | | | | | | Patch copied from xserver-xorg recipe. CVE reported for both and patch apply on both. Upstream-Commit: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0e4ed949 (From OE-Core rev: a7f4c6b1946e7215d8df561340d7a1cd0b2d5c27) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xwayland: Fix CVE-2025-26596Vijay Anusuri2025-03-082-0/+50
| | | | | | | | | | | | Patch copied from xserver-xorg recipe. CVE reported for both and patch apply on both. Upstream-Commit: https://gitlab.freedesktop.org/xorg/xserver/-/commit/80d69f01 (From OE-Core rev: 45738e56aaf5dac1a471cb37088d3cd24764156d) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xwayland: Fix CVE-2025-26595Vijay Anusuri2025-03-082-0/+66
| | | | | | | | | | | | Patch copied from xserver-xorg recipe. CVE reported for both and patch apply on both. Upstream-Commit: https://gitlab.freedesktop.org/xorg/xserver/-/commit/11fcda87 (From OE-Core rev: e0768162f0ece29392d4f387d263d62dd4083836) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xwayland: Fix CVE-2025-26594Vijay Anusuri2025-03-083-0/+107
| | | | | | | | | | | | The patches are copied from xserver-xorg recipe. CVE reported for both and patches apply on both. Upstream-Commit: https://gitlab.freedesktop.org/xorg/xserver/-/commit/01642f26 & https://gitlab.freedesktop.org/xorg/xserver/-/commit/b0a09ba6 (From OE-Core rev: 2d8bf72c892a3a6422e2a294fb6528ff67971e6d) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xwayland: Fix CVE-2024-9632Vijay Anusuri2025-03-082-0/+60
| | | | | | | | | | | | Patch copied from xserver-xorg recipe. CVE reported for both and patch apply on both. Upstream-Commit: https://gitlab.freedesktop.org/xorg/xserver/-/commit/ba1d14f8eff2a123bd7ff4d48c02e1d5131358e0 (From OE-Core rev: 2158a34839068b878344d214d3fc9feeb17e504a) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xwayland: Fix CVE-2024-31083Vijay Anusuri2025-03-083-0/+197
| | | | | | | | | | | | | The patches are copied from xserver-xorg recipe. CVE reported for both and patches apply on both. Upstream-Commit: https://gitlab.freedesktop.org/xorg/xserver/-/commit/bdca6c3d1f5057ee & https://gitlab.freedesktop.org/xorg/xserver/-/commit/337d8d48b618d4fc (From OE-Core rev: 1c4b1e7877210243707a91d6a9d37ed4546bc8a7) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xwayland: Fix CVE-2024-31081Vijay Anusuri2025-03-082-0/+48
| | | | | | | | | | | | Patch copied from xserver-xorg recipe. CVE reported for both and patch apply on both. Upstream-Commit: https://gitlab.freedesktop.org/xorg/xserver/-/commit/3e77295f888c67fc7645db5d0c00926a29ffecee (From OE-Core rev: 3575ad718c8ea7d808247842df19982f00725187) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xwayland: Fix CVE-2024-31080Vijay Anusuri2025-03-082-0/+50
| | | | | | | | | | | | Patch copied from xserver-xorg recipe. CVE reported for both and patch apply on both. Upstream-Commit: https://gitlab.freedesktop.org/xorg/xserver/-/commit/96798fc1967491c80a4d0c8d9e0a80586cb2152b (From OE-Core rev: 4e41b1c8cccd3b2f359ee949cad402b9418f5983) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xwayland: Fix CVE-2024-21886Vijay Anusuri2025-03-083-0/+133
| | | | | | | | | | | | | | The patches are copied from xserver-xorg recipe. CVE reported for both and patches apply on both. Upstream-Commit: https://gitlab.freedesktop.org/xorg/xserver/-/commit/bc1fdbe46559dd947674375946bbef54dd0ce36b & https://gitlab.freedesktop.org/xorg/xserver/-/commit/26769aa71fcbe0a8403b7fb13b7c9010cc07c3a8 (From OE-Core rev: 77487fb0756951e29628f41ff00db12a5f9d7c27) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xwayland: Fix CVE-2024-21885Vijay Anusuri2025-03-082-0/+114
| | | | | | | | | | | | Patch copied from xserver-xorg recipe. CVE reported for both and patch apply on both. Upstream-Commit: https://gitlab.freedesktop.org/xorg/xserver/-/commit/4a5e9b1895627d40d26045bd0b7ef3dce503cbd1 (From OE-Core rev: 4b0f6aaa994eeab5d18211ace8034ec8b92b7419) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* virglrenderer: fix do_fetch errorLibo Chen2025-03-041-1/+1
| | | | | | | | | | | | Update SRC_URI to fix the following error: WARNING: virglrenderer-native-0.9.1-r0 do_fetch: Failed to fetch URL git://anongit.freedesktop.org/git/virglrenderer;branch=branch-0.9.1, attempting MIRRORS if available (From OE-Core rev: 72450859dd5ee5395b64917516f185a2eed52775) Signed-off-by: Libo Chen <libo.chen.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xserver-xorg: Fix for CVE-2025-26601Vijay Anusuri2025-03-045-0/+344
| | | | | | | | | | | | Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/16a1242d & https://gitlab.freedesktop.org/xorg/xserver/-/commit/f52cea2f & https://gitlab.freedesktop.org/xorg/xserver/-/commit/8cbc90c8 & https://gitlab.freedesktop.org/xorg/xserver/-/commit/c2857989 (From OE-Core rev: edc4a85c1aa5a137d4f5d8fbc74135c6805511db) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xserver-xorg: Fix for CVE-2025-26600Vijay Anusuri2025-03-042-0/+69
| | | | | | | | | Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/6e0f332b (From OE-Core rev: 4227ae54a29ca8b454e56ffd27de2bbce00b6b89) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xserver-xorg: Fix for CVE-2025-26599Vijay Anusuri2025-03-043-0/+197
| | | | | | | | | | Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/c1ff84be & https://gitlab.freedesktop.org/xorg/xserver/-/commit/b07192a8 (From OE-Core rev: c013fec3e5dd86544366308f53a031b080b140c6) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xserver-xorg: Fix for CVE-2025-26598Vijay Anusuri2025-03-042-0/+121
| | | | | | | | | Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/bba9df1a (From OE-Core rev: 645ad1bcf8675873a7ab4778ffd2dd59dbb7b037) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xserver-xorg: Fix for CVE-2025-26597Vijay Anusuri2025-03-042-0/+47
| | | | | | | | | Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/0e4ed949 (From OE-Core rev: 9d095e34da2adde63358a878cfac45ea28727bdf) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xserver-xorg: Fix for CVE-2025-26596Vijay Anusuri2025-03-042-0/+50
| | | | | | | | | Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/80d69f01 (From OE-Core rev: d510d87d9bb3e3489a4482dd0ce66e4bc7622ca0) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xserver-xorg: Fix for CVE-2025-26595Vijay Anusuri2025-03-042-0/+66
| | | | | | | | | Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/11fcda87 (From OE-Core rev: 78d718f0a683f9fb81aa24b39f148d2acf2e1fc6) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xserver-xorg: Fix for CVE-2025-26594Vijay Anusuri2025-03-043-0/+107
| | | | | | | | | | Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/01642f26 & https://gitlab.freedesktop.org/xorg/xserver/-/commit/b0a09ba6 (From OE-Core rev: f45b068860b1be1b3dadd58f8f787953a2951405) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xwayland: patch CVE-2023-5380 CVE-2024-0229Peter Marko2025-01-096-0/+506
| | | | | | | | | | The patches are copied from xserver-xorg recipe. The CVES are reported for both and patched apply on both. (From OE-Core rev: cdcb9957a6fe1629dc3230fcdfd09322877d4038) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xserver-xorg: fix CVE-2024-9632Yogita Urade2024-12-202-0/+59
| | | | | | | | | | | | | | | | | | | | A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-9632 Upstream patch: https://gitlab.freedesktop.org/xorg/xserver/-/commit/ba1d14f8eff2a123bd7ff4d48c02e1d5131358e0 (From OE-Core rev: 95027410dba7a2a7e9b93f76279272f22445399b) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsdl2: ignore CVE-2020-14409 and CVE-2020-14410Peter Marko2024-12-161-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This was fixed in 2.0.14, but NVD DB lists > 2.0.20 causing false positives in CVE metrics. NVD entries [1] and [2] list commit [3] which redirects to commit [4]. Also Debian 10 uses this commit, while Debian 11 with 2.0.14 does not patch it and claims it's fixed. Trying to apply the patch shows it's already applied. Following shows git history of this commit wrt tags. SDL$ git describe a7ff6e96155f550a5597621ebeddd03c98aa9294 --tags release-2.0.12-305-ga7ff6e961 SDL$ git describe release-2.0.14 --tags --match=release-2.0.12 release-2.0.12-873-g4cd981609 SDL$ git describe release-2.0.20 --tags --match=release-2.0.12 release-2.0.12-3126-gb424665e0 [1] https://nvd.nist.gov/vuln/detail/CVE-2020-14409 [2] https://nvd.nist.gov/vuln/detail/CVE-2020-14410 [3] https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9 [4] https://github.com/libsdl-org/SDL/commit/a7ff6e96155f550a5597621ebeddd03c98aa9294 (From OE-Core rev: 3079d562b4df69ab0ac20ec8d13a4240ce0a3514) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* pixman: ignore CVE-2023-37769Peter Marko2024-12-091-0/+3
| | | | | | | | | | Same was done in newer Yocto releases. See commit 72f2d4cf44b795f766ecdee0b8362c7e162c5efc (From OE-Core rev: 390421edf8b6eb6031de657cdcaf0c7d50b605be) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* builder: set CVE_PRODUCTPeter Marko2024-12-021-2/+2
| | | | | | | | | | | | | Builder is a common word and there are many other builder components which makes us to ignore CVEs for all of them. There is already 1 ignored and currently 3 new ones. Instead, set product to yocto to filter them. (From OE-Core rev: 941a645b3b18418e020ada9ebdd19f425f03dfc8) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* kmscube: create_framebuffer: backport modifier fixRandolph Sapp2024-10-242-0/+32
| | | | | | | | | | Backport the upstream buffer modifier fix for create_framebuffer to handle the case where no valid modifiers are available. (From OE-Core rev: 983e3efb51ab22f1fa5f90cbbfba2d701aa425fc) Signed-off-by: Randolph Sapp <rs@ti.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* kmscube: Add patch to fix -int-conversion build errorPurushottam Choudhary2024-10-072-2/+38
| | | | | | | | | | | | | | | | | | On some platforms, `EGLNativeDisplayType` is an int instead of a pointer, in which case the void pointer will raise a `-Wint-conversion`. Add change as a patch instead of updating SRCREV . if we update SRCREV might will get compatiblity issue with current gstreamer 1.20.7 version because SRCREV brings changes which resolves negotiation issues encountered with V4L2 stateless hardware video decoders when using kmscube video playback option which has gstreamer dependency requirement to 1.22.0 (From OE-Core rev: 19a899d2ec69572e0eae4576d9fc55a7ba857309) Signed-off-by: Purushottam Choudhary <purushottam27.kumar@lge.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libpciaccess: Remove duplicated license entryBhabu Bindu2024-05-161-1/+1
| | | | | | | | | | | | | Remove duplicated MIT license entry for libpciaccess Duplication was done as part of below commit: Link: https://git.yoctoproject.org/poky/commit/meta/recipes-graphics/xorg-lib/libpciaccess_0.16.bb?h=kirkstone&id=b0130fcf91daee0d905af755302fabe608da141c (From OE-Core rev: f85d5dfc91d536a00669ca3148d8c3b2727b183d) Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xserver-xorg: fix CVE-2024-31083Archana Polampalli2024-05-163-0/+195
| | | | | | | | | | | FreeGlyph() function declared in render/glyphstr_priv.h, it is not present in current recipe version and introduced in later versions, added this change to render/glyphstr.h (From OE-Core rev: cc2d9275203ad9489da43ff4e1f0983c00f235fd) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xserver-xorg: fix CVE-2024-31082Archana Polampalli2024-05-162-0/+53
| | | | | | | (From OE-Core rev: 32fc43f0c3c5481b2c38c2136706758dba054b6e) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xserver-xorg: Fix for CVE-2024-31080 and CVE-2024-31081Vijay Anusuri2024-04-193-0/+98
| | | | | | | | | | | Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/96798fc1967491c80a4d0c8d9e0a80586cb2152b & https://gitlab.freedesktop.org/xorg/xserver/-/commit/3e77295f888c67fc7645db5d0c00926a29ffecee (From OE-Core rev: 223950f9c748f89ee1b2a9df9cd77a0099e74581) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xwayland: fix CVE-2023-6816 CVE-2024-0408/0409Lee Chee Yang2024-04-054-0/+172
| | | | | | | | | fix CVE-2023-6816 CVE-2024-0408 CVE-2024-0409 (From OE-Core rev: e8feba36e09aefffcafcebc85ec75abb5b97b3eb) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xwayland: Fix CVE-2023-6377 CVE-2023-6478Lee Chee Yang2024-02-073-0/+150
| | | | | | | (From OE-Core rev: 89974b7fa33f3e9d3e3a4df7ad219898fe400d3a) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xserver-xorg: Multiple CVE fixesVijay Anusuri2024-01-2411-0/+813
| | | | | | | | | | | | | | | Fix below CVE's CVE-2023-6816 CVE-2024-0229 CVE-2024-21885 CVE-2024-21886 CVE-2024-0408 CVE-2024-0409 (From OE-Core rev: ad696a0067e11c332a4542ccacd76455f5fbd984) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xserver-xorg: Fix for CVE-2023-6377 and CVE-2023-6478Vijay Anusuri2024-01-113-0/+144
| | | | | | | | | | | | Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd & https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632] (From OE-Core rev: abadef9d1759254699577fe40ee353e75958f9a2) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xwayland: fix CVE-2023-5367Lee Chee Yang2023-12-122-1/+88
| | | | | | | (From OE-Core rev: 9c21b08c18414bb61abebcbbb8704946ea288a7b) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>