Diffstat (limited to 'meta/recipes-graphics')
31 files changed, 516 insertions, 26 deletions
diff --git a/meta/recipes-graphics/glslang/glslang_11.2.0.bb b/meta/recipes-graphics/glslang/glslang_11.2.0.bb index 902f7345f5..e00f73ccb7 100644 --- a/meta/recipes-graphics/glslang/glslang_11.2.0.bb +++ b/meta/recipes-graphics/glslang/glslang_11.2.0.bb @@ -9,7 +9,7 @@ LICENSE = "BSD-3-Clause & BSD-2-Clause & MIT & Apache-2.0 & GPL-3-with-bison-exc LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c5ce49c0456e9b413b98a4368c378229" SRCREV = "5421877c380d5f92c1965c7a94620dac861297dd" -SRC_URI = "git://github.com/KhronosGroup/glslang.git;protocol=https \ +SRC_URI = "git://github.com/KhronosGroup/glslang.git;protocol=https;branch=master \ file://0001-generate-glslang-pkg-config.patch" UPSTREAM_CHECK_GITTAGREGEX = "^(?P<pver>\d+(\.\d+)+)$" S = "${WORKDIR}/git" diff --git a/meta/recipes-graphics/igt-gpu-tools/igt-gpu-tools_git.bb b/meta/recipes-graphics/igt-gpu-tools/igt-gpu-tools_git.bb index 1cc94cf993..4b8630a318 100644 --- a/meta/recipes-graphics/igt-gpu-tools/igt-gpu-tools_git.bb +++ b/meta/recipes-graphics/igt-gpu-tools/igt-gpu-tools_git.bb @@ -12,7 +12,7 @@ inherit meson SRCREV = "d16ad07e7f2a028e14d61f570931c87fa5ce404c" PV = "1.25+git${SRCPV}" -SRC_URI = "git://gitlab.freedesktop.org/drm/igt-gpu-tools.git;protocol=https \ +SRC_URI = "git://gitlab.freedesktop.org/drm/igt-gpu-tools.git;protocol=https;branch=master \ file://0001-lib-igt_edid-Allocate-raw-8-bytes-for-VSDB.patch \ file://reproducibility.patch" diff --git a/meta/recipes-graphics/libfakekey/libfakekey_git.bb b/meta/recipes-graphics/libfakekey/libfakekey_git.bb index ab6f5ac9ed..33ea6fe5a9 100644 --- a/meta/recipes-graphics/libfakekey/libfakekey_git.bb +++ b/meta/recipes-graphics/libfakekey/libfakekey_git.bb @@ -13,7 +13,7 @@ SECTION = "x11/wm" SRCREV = "7ad885912efb2131e80914e964d5e635b0d07b40" PV = "0.3+git${SRCPV}" -SRC_URI = "git://git.yoctoproject.org/${BPN}" +SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master" S = "${WORKDIR}/git" 
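Review bot: The libfakekey `SRC_URI` in the last hunk above gains `branch=master` but still has no `protocol=` parameter, so the fetch stays on the unauthenticated, unencrypted `git://` transport while the github.com recipes in this change are moved to `protocol=https`. The pinned `SRCREV` limits what a tampered transfer can substitute, but the transport itself gives no server authentication. The same applies to the libmatchbox, matchbox-wm, virglrenderer and xf86-video-intel hunks further down. If those hosts serve the repositories over HTTPS, I would write `SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master;protocol=https"` here and the equivalent in the others.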
diff --git a/meta/recipes-graphics/libmatchbox/libmatchbox_1.12.bb b/meta/recipes-graphics/libmatchbox/libmatchbox_1.12.bb index 1a31677978..06bd682823 100644 --- a/meta/recipes-graphics/libmatchbox/libmatchbox_1.12.bb +++ b/meta/recipes-graphics/libmatchbox/libmatchbox_1.12.bb @@ -17,7 +17,7 @@ DEPENDS = "virtual/libx11 libxext" #SRCREV for 1.12 SRCREV = "e846ee434f8e23d9db38af13c523f791495e0e87" -SRC_URI = "git://git.yoctoproject.org/${BPN}" +SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master" S = "${WORKDIR}/git" diff --git a/meta/recipes-graphics/libva/libva-utils_2.10.0.bb b/meta/recipes-graphics/libva/libva-utils_2.10.0.bb index 828f4fb317..39763ba539 100644 --- a/meta/recipes-graphics/libva/libva-utils_2.10.0.bb +++ b/meta/recipes-graphics/libva/libva-utils_2.10.0.bb @@ -14,7 +14,7 @@ SECTION = "x11" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=b148fc8adf19dc9aec17cf9cd29a9a5e" -SRC_URI = "git://github.com/intel/libva-utils.git;branch=v2.10-branch" +SRC_URI = "git://github.com/intel/libva-utils.git;branch=v2.10-branch;protocol=https" SRCREV = "f112ee75fcd1472131b20f901b93f6ac1d293fad" S = "${WORKDIR}/git" diff --git a/meta/recipes-graphics/matchbox-wm/matchbox-wm_1.2.2.bb b/meta/recipes-graphics/matchbox-wm/matchbox-wm_1.2.2.bb index a08eb252ce..3ea67d09d6 100644 --- a/meta/recipes-graphics/matchbox-wm/matchbox-wm_1.2.2.bb +++ b/meta/recipes-graphics/matchbox-wm/matchbox-wm_1.2.2.bb @@ -12,7 +12,7 @@ DEPENDS = "libmatchbox virtual/libx11 libxext libxrender startup-notification ex # SRCREV tagged 1.2.2 SRCREV = "27da947e7fbdf9659f7e5bd1e92af92af6c03970" -SRC_URI = "git://git.yoctoproject.org/matchbox-window-manager \ +SRC_URI = "git://git.yoctoproject.org/matchbox-window-manager;branch=master \ file://0001-Fix-build-with-gcc-10.patch \ file://kbdconfig" 
diff --git a/meta/recipes-graphics/mesa/files/0001-gallium-dri-Make-YUV-formats-we-re-going-to-emulate-.patch b/meta/recipes-graphics/mesa/files/0001-gallium-dri-Make-YUV-formats-we-re-going-to-emulate-.patch
new file mode 100644
index 0000000000..899450eb2a
--- /dev/null
+++ b/meta/recipes-graphics/mesa/files/0001-gallium-dri-Make-YUV-formats-we-re-going-to-emulate-.patch
@@ -0,0 +1,52 @@ +commit 8bd63cd28939d79d6681943b840627eaa3614ee4 +Author: Pablo Saavedra <psaavedra@igalia.com> +Date: Mon Oct 18 15:48:42 2021 +0200 + + gallium/dri: Make YUV formats we're going to emulate external-only. + + If we're going to have to bind them as separate planes with colorspace + conversion for sampling on the frontend, then we need to report that + they're only for external-image samplers, otherwise the lowering won't be + applied. + + Fixes: 4e3a7dcf ("gallium: enable EGL_EXT_image_dma_buf_import_modifiers unconditionally") + Reviewed-by: Jose Maria Casanova Crespo <jmcasanova@igalia.com> + Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/13038> + +Upstream-Status: Backport [https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/13038] + +diff --git a/src/gallium/frontends/dri/dri2.c b/src/gallium/frontends/dri/dri2.c +index b0c0d7e..ef8df5a 100644 +--- a/src/gallium/frontends/dri/dri2.c ++++ b/src/gallium/frontends/dri/dri2.c +@@ -1445,16 +1445,24 @@ dri2_query_dma_buf_modifiers(__DRIscreen *_screen, int fourcc, int max, + + format = map->pipe_format; + ++ bool native_sampling = pscreen->is_format_supported(pscreen, format, screen->target, 0, 0, ++ PIPE_BIND_SAMPLER_VIEW); + if (pscreen->is_format_supported(pscreen, format, screen->target, 0, 0, +- PIPE_BIND_RENDER_TARGET) || +- pscreen->is_format_supported(pscreen, format, screen->target, 0, 0, +- PIPE_BIND_SAMPLER_VIEW) || +- dri2_yuv_dma_buf_supported(screen, map)) { +- if (pscreen->query_dmabuf_modifiers != NULL) ++ PIPE_BIND_RENDER_TARGET) || ++ native_sampling || ++ dri2_yuv_dma_buf_supported(screen, map)) { ++ if (pscreen->query_dmabuf_modifiers != NULL) { + pscreen->query_dmabuf_modifiers(pscreen, format, max, modifiers, + external_only, count); +- else ++ if (!native_sampling && external_only) { ++ /* To support it using YUV lowering, we need it to be samplerExternalOES. 
++ */ ++ for (int i = 0; i < *count; i++) ++ external_only[i] = true; ++ } ++ } else { + *count = 0; ++ } + return true; + } + return false; diff --git a/meta/recipes-graphics/mesa/mesa.inc b/meta/recipes-graphics/mesa/mesa.inc index a85f94c75e..cfc1bc1d36 100644 --- a/meta/recipes-graphics/mesa/mesa.inc +++ b/meta/recipes-graphics/mesa/mesa.inc @@ -19,6 +19,7 @@ SRC_URI = "https://mesa.freedesktop.org/archive/mesa-${PV}.tar.xz \ file://0002-meson.build-make-TLS-ELF-optional.patch \ file://0001-meson-misdetects-64bit-atomics-on-mips-clang.patch \ file://0001-futex.h-Define-__NR_futex-if-it-does-not-exist.patch \ + file://0001-gallium-dri-Make-YUV-formats-we-re-going-to-emulate-.patch \ " SRC_URI[sha256sum] = "565c6f4bd2d5747b919454fc1d439963024fc78ca56fd05158c3b2cde2f6912b" @@ -252,7 +253,7 @@ python mesa_populate_packages() { import re dri_drivers_root = oe.path.join(d.getVar('PKGD'), d.getVar('libdir'), "dri") if os.path.isdir(dri_drivers_root): - dri_pkgs = os.listdir(dri_drivers_root) + dri_pkgs = sorted(os.listdir(dri_drivers_root)) lib_name = d.expand("${MLPREFIX}mesa-megadriver") for p in dri_pkgs: m = re.match(r'^(.*)_dri\.so$', p) diff --git a/meta/recipes-graphics/mx/mx-1.0_1.4.7.bb b/meta/recipes-graphics/mx/mx-1.0_1.4.7.bb index 58a6997ffe..88101b5dcc 100644 --- a/meta/recipes-graphics/mx/mx-1.0_1.4.7.bb +++ b/meta/recipes-graphics/mx/mx-1.0_1.4.7.bb @@ -7,7 +7,7 @@ PV = "1.4.7+git${SRCPV}" # Exclude x.99.x versions from upstream checks UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>^\d+(\.(?!99)\d+)+)" -SRC_URI = "git://github.com/clutter-project/mx.git;branch=mx-1.4 \ +SRC_URI = "git://github.com/clutter-project/mx.git;branch=mx-1.4;protocol=https \ file://fix-test-includes.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-graphics/piglit/piglit_git.bb b/meta/recipes-graphics/piglit/piglit_git.bb index 14f4c75a2c..96ec93071d 100644 --- a/meta/recipes-graphics/piglit/piglit_git.bb +++ b/meta/recipes-graphics/piglit/piglit_git.bb 
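Review bot: In the added mesa patch, the new `if (!native_sampling && external_only)` branch of dri2_query_dma_buf_modifiers runs `for (int i = 0; i < *count; i++) external_only[i] = true;`, which is bounded by the value the driver callback wrote to `*count` and not by the caller's `max`. If a `query_dmabuf_modifiers` implementation reports the total number of modifiers when `max` is smaller (for example a count-only query with `max == 0`) and the caller still passed a non-NULL `external_only`, the loop would write past the caller's array; the callbacks are outside this hunk, so that needs confirming. Bounding the loop by both values removes the dependency: `for (int i = 0; i < *count && i < max; i++)`. Separately, `!native_sampling` is also true for a format that is only supported as a render target, so a comment saying whether marking those external-only is intended would help.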
@@ -6,7 +6,7 @@ BUGTRACKER = "https://gitlab.freedesktop.org/mesa/piglit/-/issues" LICENSE = "MIT & LGPLv2+ & GPLv3 & GPLv2+ & BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=b2beded7103a3d8a442a2a0391d607b0" -SRC_URI = "git://gitlab.freedesktop.org/mesa/piglit.git;protocol=https \ +SRC_URI = "git://gitlab.freedesktop.org/mesa/piglit.git;protocol=https;branch=master \ file://0001-cmake-install-bash-completions-in-the-right-place.patch \ file://0001-cmake-use-proper-WAYLAND_INCLUDE_DIRS-variable.patch \ file://0001-Add-a-missing-include-for-htobe32-definition.patch \ diff --git a/meta/recipes-graphics/spir/spirv-headers_1.5.4.bb b/meta/recipes-graphics/spir/spirv-headers_1.5.4.bb index 7a43af5e6b..ea7e17305e 100644 --- a/meta/recipes-graphics/spir/spirv-headers_1.5.4.bb +++ b/meta/recipes-graphics/spir/spirv-headers_1.5.4.bb @@ -8,7 +8,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=c938b85bceb8fb26c1a807f28a52ae2d" SRCREV = "bcf55210f13a4fa3c3d0963b509ff1070e434c79" -SRC_URI = "git://github.com/KhronosGroup/SPIRV-Headers;protocol=https" +SRC_URI = "git://github.com/KhronosGroup/SPIRV-Headers;protocol=https;branch=master" UPSTREAM_CHECK_GITTAGREGEX = "^(?P<pver>\d+(\.\d+)+)$" S = "${WORKDIR}/git" PV .= "+git${SRCPV}" diff --git a/meta/recipes-graphics/spir/spirv-tools_2020.7.bb b/meta/recipes-graphics/spir/spirv-tools_2020.7.bb index 8be698533a..9a06408526 100644 --- a/meta/recipes-graphics/spir/spirv-tools_2020.7.bb +++ b/meta/recipes-graphics/spir/spirv-tools_2020.7.bb @@ -8,7 +8,7 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" SRCREV = "2573fd781b5408cd7fe5755a78b60d767a748ff9" -SRC_URI = "git://github.com/KhronosGroup/SPIRV-Tools.git \ +SRC_URI = "git://github.com/KhronosGroup/SPIRV-Tools.git;branch=master;protocol=https \ file://0001-fix-strncpy-bound-error.patch \ " UPSTREAM_CHECK_GITTAGREGEX = "^v(?P<pver>\d+(\.\d+)+)$" 
diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0135.patch b/meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0135.patch
new file mode 100644
index 0000000000..ae42dc8f6c
--- /dev/null
+++ b/meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0135.patch
@@ -0,0 +1,117 @@ +From 63aee871365f9c9e7fa9125672302a0fb250d34d Mon Sep 17 00:00:00 2001 +From: Gert Wollny <gert.wollny@collabora.com> +Date: Tue, 30 Nov 2021 09:16:24 +0100 +Subject: [PATCH 2/2] vrend: propperly check whether the shader image range is + correct + +Also add a test to check the integer underflow. + +Closes: #251 +Signed-off-by: Gert Wollny <gert.wollny@collabora.com> +Reviewed-by: Chia-I Wu <olvaffe@gmail.com> + +cherry-pick from anongit.freedesktop.org/virglrenderer +commit 2aed5d4... + +CVE: CVE-2022-0135 +Upstream-Status: Backport +Signed-off-by: Joe Slater <joe.slater@windriver.com> + +--- + src/vrend_decode.c | 3 +- + tests/test_fuzzer_formats.c | 57 +++++++++++++++++++++++++++++++++++++ + 2 files changed, 59 insertions(+), 1 deletion(-) + +diff --git a/src/vrend_decode.c b/src/vrend_decode.c +index 91f5f24..6771b10 100644 +--- a/src/vrend_decode.c ++++ b/src/vrend_decode.c +@@ -1249,8 +1249,9 @@ static int vrend_decode_set_shader_images(struct vrend_context *ctx, const uint3 + if (num_images < 1) { + return 0; + } ++ + if (start_slot > PIPE_MAX_SHADER_IMAGES || +- start_slot > PIPE_MAX_SHADER_IMAGES - num_images) ++ start_slot + num_images > PIPE_MAX_SHADER_IMAGES) + return EINVAL; + + for (uint32_t i = 0; i < num_images; i++) { +diff --git a/tests/test_fuzzer_formats.c b/tests/test_fuzzer_formats.c +index 154a2e5..e32caf0 100644 +--- a/tests/test_fuzzer_formats.c ++++ b/tests/test_fuzzer_formats.c +@@ -958,6 +958,61 @@ static void test_vrend_set_signle_abo_heap_overflow() { + virgl_renderer_submit_cmd((void *) cmd, ctx_id, 0xde); + } + ++static void test_vrend_set_shader_images_overflow() ++{ ++ uint32_t num_shaders = PIPE_MAX_SHADER_IMAGES + 1; ++ uint32_t size = num_shaders * VIRGL_SET_SHADER_IMAGE_ELEMENT_SIZE + 3; ++ uint32_t cmd[size]; ++ int i = 0; ++ cmd[i++] = ((size - 1)<< 16) | 0 << 8 | VIRGL_CCMD_SET_SHADER_IMAGES; ++ cmd[i++] = PIPE_SHADER_FRAGMENT; ++ memset(&cmd[i], 0, size - i); ++ ++ virgl_renderer_submit_cmd((void *) cmd, 
ctx_id, size); ++} ++ ++/* Test adapted from yaojun8558363@gmail.com: ++ * https://gitlab.freedesktop.org/virgl/virglrenderer/-/issues/250 ++*/ ++static void test_vrend_3d_resource_overflow() { ++ ++ struct virgl_renderer_resource_create_args resource; ++ resource.handle = 0x4c474572; ++ resource.target = PIPE_TEXTURE_2D_ARRAY; ++ resource.format = VIRGL_FORMAT_Z24X8_UNORM; ++ resource.nr_samples = 2; ++ resource.last_level = 0; ++ resource.array_size = 3; ++ resource.bind = VIRGL_BIND_SAMPLER_VIEW; ++ resource.depth = 1; ++ resource.width = 8; ++ resource.height = 4; ++ resource.flags = 0; ++ ++ virgl_renderer_resource_create(&resource, NULL, 0); ++ virgl_renderer_ctx_attach_resource(ctx_id, resource.handle); ++ ++ uint32_t size = 0x400; ++ uint32_t cmd[size]; ++ int i = 0; ++ cmd[i++] = (size - 1) << 16 | 0 << 8 | VIRGL_CCMD_RESOURCE_INLINE_WRITE; ++ cmd[i++] = resource.handle; ++ cmd[i++] = 0; // level ++ cmd[i++] = 0; // usage ++ cmd[i++] = 0; // stride ++ cmd[i++] = 0; // layer_stride ++ cmd[i++] = 0; // x ++ cmd[i++] = 0; // y ++ cmd[i++] = 0; // z ++ cmd[i++] = 8; // w ++ cmd[i++] = 4; // h ++ cmd[i++] = 3; // d ++ memset(&cmd[i], 0, size - i); ++ ++ virgl_renderer_submit_cmd((void *) cmd, ctx_id, size); ++} ++ ++ + int main() + { + initialize_environment(); +@@ -980,6 +1035,8 @@ int main() + test_cs_nullpointer_deference(); + test_vrend_set_signle_abo_heap_overflow(); + ++ test_vrend_set_shader_images_overflow(); ++ test_vrend_3d_resource_overflow(); + + virgl_renderer_context_destroy(ctx_id); + virgl_renderer_cleanup(&cookie); +-- +2.25.1 + diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0175.patch b/meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0175.patch new file mode 100644 index 0000000000..8bbb9eb579 --- /dev/null +++ b/meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0175.patch 
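Review bot: In cve-2022-0135.patch, the replacement check `start_slot + num_images > PIPE_MAX_SHADER_IMAGES` in vrend_decode_set_shader_images is only wrap-free because the first clause already bounds `start_slot` and because `num_images` is presumably small; where `num_images` comes from is outside the hunk. If both are 32-bit unsigned, as the `uint32_t i` loop below the check suggests, a form that cannot wrap is `if (num_images > PIPE_MAX_SHADER_IMAGES || start_slot > PIPE_MAX_SHADER_IMAGES - num_images) return EINVAL;`. In the two added tests, `memset(&cmd[i], 0, size - i);` passes an element count where memset expects a byte count, so most of the `uint32_t cmd[size]` array is submitted uninitialized; `memset(&cmd[i], 0, (size - i) * sizeof(cmd[0]));` clears all of it.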
@@ -0,0 +1,112 @@ +From 5ca7aca001092c557f0b6fc1ba3db7dcdab860b7 Mon Sep 17 00:00:00 2001 +From: Gert Wollny <gert.wollny@collabora.com> +Date: Tue, 30 Nov 2021 09:29:42 +0100 +Subject: [PATCH 1/2] vrend: clear memory when allocating a host-backed memory + resource + +Closes: #249 +Signed-off-by: Gert Wollny <gert.wollny@collabora.com> +Reviewed-by: Chia-I Wu <olvaffe@gmail.com> + +cherry-pick from anongit.freedesktop.org/virglrenderer +commit b05bb61... + +CVE: CVE-2022-0175 +Upstream-Status: Backport +Signed-off-by: Joe Slater <joe.slater@windriver.com> + +Patch to vrend_renderer.c modified to apply to version used by hardknott. +Patch to test_virgl_transfer.c unchanged. + +Signed-off-by: Joe Slater <joe.slater@windriver.com> + +--- + src/vrend_renderer.c | 2 +- + tests/test_virgl_transfer.c | 51 +++++++++++++++++++++++++++++++++++++ + 2 files changed, 52 insertions(+), 1 deletion(-) + +diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c +index ad7a351..d84f785 100644 +--- a/src/vrend_renderer.c ++++ b/src/vrend_renderer.c +@@ -6646,7 +6646,7 @@ int vrend_renderer_resource_create(struct vrend_renderer_resource_create_args *a + if (args->bind == VIRGL_BIND_CUSTOM) { + /* use iovec directly when attached */ + gr->storage_bits |= VREND_STORAGE_HOST_SYSTEM_MEMORY; +- gr->ptr = malloc(args->width); ++ gr->ptr = calloc(1, args->width); + if (!gr->ptr) { + FREE(gr); + return ENOMEM; +diff --git a/tests/test_virgl_transfer.c b/tests/test_virgl_transfer.c +index 2c8669a..8f8e98a 100644 +--- a/tests/test_virgl_transfer.c ++++ b/tests/test_virgl_transfer.c +@@ -952,6 +952,56 @@ START_TEST(virgl_test_transfer_near_res_bounds_with_stride_succeeds) + } + END_TEST + ++START_TEST(test_vrend_host_backed_memory_no_data_leak) ++{ ++ struct iovec iovs[1]; ++ int niovs = 1; ++ ++ struct virgl_context ctx = {0}; ++ ++ int ret = testvirgl_init_ctx_cmdbuf(&ctx); ++ ++ struct virgl_renderer_resource_create_args res; ++ res.handle = 0x400; ++ res.target = PIPE_BUFFER; ++ res.format = 
VIRGL_FORMAT_R8_UNORM; ++ res.nr_samples = 0; ++ res.last_level = 0; ++ res.array_size = 1; ++ res.bind = VIRGL_BIND_CUSTOM; ++ res.depth = 1; ++ res.width = 32; ++ res.height = 1; ++ res.flags = 0; ++ ++ uint32_t size = 32; ++ uint8_t* data = calloc(1, size); ++ memset(data, 1, 32); ++ iovs[0].iov_base = data; ++ iovs[0].iov_len = size; ++ ++ struct pipe_box box = {0,0,0, size, 1,1}; ++ ++ virgl_renderer_resource_create(&res, NULL, 0); ++ virgl_renderer_ctx_attach_resource(ctx.ctx_id, res.handle); ++ ++ ret = virgl_renderer_transfer_read_iov(res.handle, ctx.ctx_id, 0, 0, 0, ++ (struct virgl_box *)&box, 0, iovs, niovs); ++ ++ ck_assert_int_eq(ret, 0); ++ ++ for (int i = 0; i < 32; ++i) ++ ck_assert_int_eq(data[i], 0); ++ ++ virgl_renderer_ctx_detach_resource(1, res.handle); ++ ++ virgl_renderer_resource_unref(res.handle); ++ free(data); ++ ++} ++END_TEST ++ ++ + static Suite *virgl_init_suite(void) + { + Suite *s; +@@ -981,6 +1031,7 @@ static Suite *virgl_init_suite(void) + tcase_add_test(tc_core, virgl_test_transfer_buffer_bad_strides); + tcase_add_test(tc_core, virgl_test_transfer_2d_array_bad_layer_stride); + tcase_add_test(tc_core, virgl_test_transfer_2d_bad_level); ++ tcase_add_test(tc_core, test_vrend_host_backed_memory_no_data_leak); + + tcase_add_loop_test(tc_core, virgl_test_transfer_res_read_valid, 0, PIPE_MAX_TEXTURE_TYPES); + tcase_add_loop_test(tc_core, virgl_test_transfer_res_write_valid, 0, PIPE_MAX_TEXTURE_TYPES); +-- +2.31.1 + diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.2.bb b/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.2.bb index 52821195d1..1c32a573b2 100644 --- a/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.2.bb +++ b/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.2.bb 
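Review bot: The header of cve-2022-0175.patch records its origin only as `commit b05bb61...` with a bare `Upstream-Status: Backport`, which makes the backport hard to check against upstream; cve-2022-0135.patch has the same gap (`commit 2aed5d4...`). The X server patches in this change carry the upstream commit URL in the tag, and the equivalent here would be `Upstream-Status: Backport [<upstream commit URL>]` together with the full commit hash. Since the vrend_renderer.c hunk is described as modified to apply to hardknott, a line stating what differs from upstream would let a reader confirm that the malloc-to-calloc change is the only functional one.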
@@ -10,9 +10,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=c81c08eeefd9418fca8f88309a76db10" DEPENDS = "libdrm virtual/libgl libepoxy" SRCREV = "7d204f3927be65fb3365dce01dbcd04d447a4985" -SRC_URI = "git://anongit.freedesktop.org/virglrenderer \ +SRC_URI = "git://anongit.freedesktop.org/git/virglrenderer;branch=master \ file://0001-gallium-Expand-libc-check-to-be-platform-OS-check.patch \ file://0001-meson.build-use-python3-directly-for-python.patch \ + file://cve-2022-0135.patch \ + file://cve-2022-0175.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-graphics/vulkan/assimp_5.0.1.bb b/meta/recipes-graphics/vulkan/assimp_5.0.1.bb index 5a8c62e64d..295ac12fc5 100644 --- a/meta/recipes-graphics/vulkan/assimp_5.0.1.bb +++ b/meta/recipes-graphics/vulkan/assimp_5.0.1.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2119edef0916b0bd511cb3c731076271" DEPENDS = "zlib" -SRC_URI = "git://github.com/assimp/assimp.git;branch=assimp_5.0_release \ +SRC_URI = "git://github.com/assimp/assimp.git;branch=assimp_5.0_release;protocol=https \ file://0001-closes-https-github.com-assimp-assimp-issues-2733-up.patch \ file://0001-Use-ASSIMP_LIB_INSTALL_DIR-to-search-library.patch \ " diff --git a/meta/recipes-graphics/vulkan/vulkan-headers_1.2.170.0.bb b/meta/recipes-graphics/vulkan/vulkan-headers_1.2.170.0.bb index 4c9c94f3d2..b0211432ab 100644 --- a/meta/recipes-graphics/vulkan/vulkan-headers_1.2.170.0.bb +++ b/meta/recipes-graphics/vulkan/vulkan-headers_1.2.170.0.bb @@ -9,7 +9,7 @@ SECTION = "libs" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=3b83ef96387f14655fc854ddc3c6bd57" -SRC_URI = "git://github.com/KhronosGroup/Vulkan-Headers.git;branch=master" +SRC_URI = "git://github.com/KhronosGroup/Vulkan-Headers.git;branch=master;protocol=https" SRCREV = "1d99b835ec3cd5a7fb2f2a2dd9a615ee2d1f0101" diff --git a/meta/recipes-graphics/vulkan/vulkan-loader_1.2.170.0.bb b/meta/recipes-graphics/vulkan/vulkan-loader_1.2.170.0.bb index 6b6ed06dbb..a866f0a5cb 100644 
--- a/meta/recipes-graphics/vulkan/vulkan-loader_1.2.170.0.bb +++ b/meta/recipes-graphics/vulkan/vulkan-loader_1.2.170.0.bb @@ -9,7 +9,7 @@ SECTION = "libs" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=7dbefed23242760aa3475ee42801c5ac" -SRC_URI = "git://github.com/KhronosGroup/Vulkan-Loader.git \ +SRC_URI = "git://github.com/KhronosGroup/Vulkan-Loader.git;branch=master;protocol=https \ " SRCREV = "c5678a03db383fd0dc5bfb8e9a383043bdbcb57b" diff --git a/meta/recipes-graphics/vulkan/vulkan-samples_git.bb b/meta/recipes-graphics/vulkan/vulkan-samples_git.bb index b7c38f6543..07d6e9d735 100644 --- a/meta/recipes-graphics/vulkan/vulkan-samples_git.bb +++ b/meta/recipes-graphics/vulkan/vulkan-samples_git.bb @@ -5,7 +5,7 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=48aa35cefb768436223a6e7f18dc2a2a" -SRC_URI = "gitsm://github.com/KhronosGroup/Vulkan-Samples.git \ +SRC_URI = "gitsm://github.com/KhronosGroup/Vulkan-Samples.git;branch=master;protocol=https \ file://0001-CMakeLists.txt-do-not-hardcode-lib-as-installation-t.patch \ file://debugfix.patch \ " diff --git a/meta/recipes-graphics/vulkan/vulkan-tools_1.2.170.0.bb b/meta/recipes-graphics/vulkan/vulkan-tools_1.2.170.0.bb index 0c8bcaa085..d81dc14472 100644 --- a/meta/recipes-graphics/vulkan/vulkan-tools_1.2.170.0.bb +++ b/meta/recipes-graphics/vulkan/vulkan-tools_1.2.170.0.bb @@ -6,7 +6,7 @@ SECTION = "libs" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=3b83ef96387f14655fc854ddc3c6bd57" -SRC_URI = "git://github.com/KhronosGroup/Vulkan-Tools.git;branch=sdk-1.2.170" +SRC_URI = "git://github.com/KhronosGroup/Vulkan-Tools.git;branch=sdk-1.2.170;protocol=https" SRCREV = "88ea55de928a08ba5c5f65a93d1e7c8f666fc43f" S = "${WORKDIR}/git" diff --git a/meta/recipes-graphics/waffle/waffle_1.6.1.bb b/meta/recipes-graphics/waffle/waffle_1.6.1.bb index 07d7279c2b..5e5b227a40 100644 --- a/meta/recipes-graphics/waffle/waffle_1.6.1.bb 
+++ b/meta/recipes-graphics/waffle/waffle_1.6.1.bb @@ -3,17 +3,15 @@ DESCRIPTION = "A cross-platform C library that allows one to defer selection \ of an OpenGL API and window system until runtime. For example, on Linux, Waffle \ enables an application to select X11/EGL with an OpenGL 3.3 core profile, \ Wayland with OpenGL ES2, and other window system / API combinations." -HOMEPAGE = "http://www.waffle-gl.org/" +HOMEPAGE = "https://gitlab.freedesktop.org/mesa/waffle" BUGTRACKER = "https://gitlab.freedesktop.org/mesa/waffle" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=4c5154407c2490750dd461c50ad94797 \ file://include/waffle/waffle.h;endline=24;md5=61dbf8697f61c78645e75a93c585b1bf" -SRC_URI = "http://waffle-gl.org/files/release/${BPN}-${PV}/${BPN}-${PV}.tar.xz" -SRC_URI[md5sum] = "c91529e579483f44fb330052872b9c73" -SRC_URI[sha256sum] = "31565649ff0e2d8dff1b8f7f2264ab7a78452063c7e04adfc4ce03e64b655080" - -UPSTREAM_CHECK_URI = "http://www.waffle-gl.org/releases.html" +SRC_URI = "git://gitlab.freedesktop.org/mesa/waffle.git;protocol=https;branch=maint-1.6" +SRCREV = "d7e8c4759704b3c571fa3697c716279c26fd05eb" +S = "${WORKDIR}/git" inherit meson features_check lib_package bash-completion diff --git a/meta/recipes-graphics/wayland/wayland-protocols_1.20.bb b/meta/recipes-graphics/wayland/wayland-protocols_1.20.bb index 3fb78f658c..35a46dbb08 100644 --- a/meta/recipes-graphics/wayland/wayland-protocols_1.20.bb +++ b/meta/recipes-graphics/wayland/wayland-protocols_1.20.bb @@ -20,3 +20,7 @@ inherit allarch autotools pkgconfig PACKAGES = "${PN}" FILES_${PN} += "${datadir}/pkgconfig/wayland-protocols.pc" + +# remove at next version upgrade or when output changes +PR = "r1" +HASHEQUIV_HASH_VERSION .= ".1" diff --git a/meta/recipes-graphics/xinput-calibrator/xinput-calibrator_git.bb b/meta/recipes-graphics/xinput-calibrator/xinput-calibrator_git.bb index d2a16643fe..e524b82dd6 100644 --- a/meta/recipes-graphics/xinput-calibrator/xinput-calibrator_git.bb 
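Review bot: The waffle hunk replaces a tarball pinned by `SRC_URI[sha256sum]` with a git fetch pinned by `SRCREV` on `branch=maint-1.6`, and nothing in the recipe says which release that revision corresponds to. Since the recipe is still versioned 1.6.1, a comment such as `# SRCREV tagged 1.6.1` (if that is what the revision is) would let a reader verify the pin against upstream, in the same way matchbox-wm does with `# SRCREV tagged 1.2.2`.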
+++ b/meta/recipes-graphics/xinput-calibrator/xinput-calibrator_git.bb @@ -12,7 +12,7 @@ inherit autotools pkgconfig features_check REQUIRED_DISTRO_FEATURES = "x11" SRCREV = "18ec53f1cada39f905614ebfaffed5c7754ecf46" -SRC_URI = "git://github.com/kreijack/xinput_calibrator.git;branch=libinput \ +SRC_URI = "git://github.com/kreijack/xinput_calibrator.git;branch=libinput;protocol=https \ file://30xinput_calibrate.sh \ file://Allow-xinput_calibrator_pointercal.sh-to-be-run-as-n.patch \ file://0001-calibrator.hh-Include-string-to-get-std-string.patch \ diff --git a/meta/recipes-graphics/xorg-driver/xf86-video-intel_git.bb b/meta/recipes-graphics/xorg-driver/xf86-video-intel_git.bb index 161371b118..73c0cdc385 100644 --- a/meta/recipes-graphics/xorg-driver/xf86-video-intel_git.bb +++ b/meta/recipes-graphics/xorg-driver/xf86-video-intel_git.bb @@ -13,7 +13,7 @@ SRCREV = "f66d39544bb8339130c96d282a80f87ca1606caf" PV = "2.99.917+git${SRCPV}" S = "${WORKDIR}/git" -SRC_URI = "git://anongit.freedesktop.org/xorg/driver/xf86-video-intel \ +SRC_URI = "git://anongit.freedesktop.org/xorg/driver/xf86-video-intel;branch=master \ file://0001-Sync-i915_pciids-upto-8717c6b7414f.patch \ file://0001-i810-Avoid-duplicate-definition-of-I810PatternROP.patch \ " diff --git a/meta/recipes-graphics/xorg-font/encodings_1.0.5.bb b/meta/recipes-graphics/xorg-font/encodings_1.0.5.bb index 713fcfb935..02c8cff25d 100644 --- a/meta/recipes-graphics/xorg-font/encodings_1.0.5.bb +++ b/meta/recipes-graphics/xorg-font/encodings_1.0.5.bb @@ -23,3 +23,7 @@ EXTRA_OECONF += "--with-encodingsdir=${datadir}/fonts/X11/encodings" # postinst from .inc doesn't apply to this recipe pkg_postinst_${PN} () { } + +# remove at next version upgrade or when output changes +PR = "r1" +HASHEQUIV_HASH_VERSION .= ".1" diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc index b3e03744c0..d83cb94317 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc 
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc @@ -17,7 +17,15 @@ PE = "2" XORG_PN = "xorg-server" SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.bz2" -CVE_PRODUCT = "xorg-server" +CVE_PRODUCT = "xorg-server x_server" +# This is specific to Debian's xserver-wrapper.c +CVE_CHECK_WHITELIST += "CVE-2011-4613" +# As per upstream, exploiting this flaw is non-trivial and it requires exact +# timing on the behalf of the attacker. Many graphical applications exit if their +# connection to the X server is lost, so a typical desktop session is either +# impossible or difficult to exploit. There is currently no upstream patch +# available for this flaw. +CVE_CHECK_WHITELIST += "CVE-2020-25697" S = "${WORKDIR}/${XORG_PN}-${PV}" diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4008.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4008.patch new file mode 100644 index 0000000000..3277be0185 --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4008.patch 
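Review bot: The `CVE_CHECK_WHITELIST += "CVE-2020-25697"` entry in xserver-xorg.inc silences the checker for a flaw that its own comment describes as unpatched, on the grounds that it is hard to exploit rather than not applicable. That is a different kind of exclusion from the CVE-2011-4613 entry, which is dropped because the affected code is Debian-specific. I would extend the comment with the source of the upstream assessment and when it was last checked, e.g. `# Re-evaluate when an upstream fix exists; assessment from <upstream advisory URL>, checked <date>`, so the entry does not outlive its reason.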
@@ -0,0 +1,59 @@
+Backport patch to fix CVE-2021-4008.
+
+CVE: CVE-2021-4008
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/ebce7e2]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60 Mon Sep 17 00:00:00 2001
+From: Povilas Kanapickas <povilas@radix.lt>
+Date: Tue, 14 Dec 2021 15:00:03 +0200
+Subject: [PATCH] render: Fix out of bounds access in
+ SProcRenderCompositeGlyphs()
+
+ZDI-CAN-14192, CVE-2021-4008
+
+This vulnerability was discovered and the fix was suggested by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
+---
+ render/render.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/render/render.c b/render/render.c
+index c376090ca..456f156d4 100644
+--- a/render/render.c
++++ b/render/render.c
+@@ -2309,6 +2309,9 @@ SProcRenderCompositeGlyphs(ClientPtr client)
+
+ i = elt->len;
+ if (i == 0xff) {
++ if (buffer + 4 > end) {
++ return BadLength;
++ }
+ swapl((int *) buffer);
+ buffer += 4;
+ }
+@@ -2319,12 +2322,18 @@ SProcRenderCompositeGlyphs(ClientPtr client)
+ buffer += i;
+ break;
+ case 2:
++ if (buffer + i * 2 > end) {
++ return BadLength;
++ }
+ while (i--) {
+ swaps((short *) buffer);
+ buffer += 2;
+ }
+ break;
+ case 4:
++ if (buffer + i * 4 > end) {
++ return BadLength;
++ }
+ while (i--) {
+ swapl((int *) buffer);
+ buffer += 4;
+--
+GitLab
+
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4009.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4009.patch
new file mode 100644
index 0000000000..ddfbb43ee4
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4009.patch
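Review bot: In CVE-2021-4008.patch, the three guards added to SProcRenderCompositeGlyphs compare a computed pointer against `end` (`buffer + 4 > end`, `buffer + i * 2 > end`, `buffer + i * 4 > end`), which forms a pointer beyond the request buffer in exactly the case being rejected; C only defines pointer arithmetic up to one past the end of the object. Comparing the remaining length avoids that: `if (end - buffer < 4)`, `if ((end - buffer) / 2 < i)` and `if ((end - buffer) / 4 < i)`. This assumes `buffer <= end` whenever a check is reached, which depends on the loop condition outside these hunks and should be confirmed there.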
@@ -0,0 +1,50 @@
+Backport patch to fix CVE-2021-4009.
+
+CVE: CVE-2021-4009
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/b519675]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From b5196750099ae6ae582e1f46bd0a6dad29550e02 Mon Sep 17 00:00:00 2001
+From: Povilas Kanapickas <povilas@radix.lt>
+Date: Tue, 14 Dec 2021 15:00:01 +0200
+Subject: [PATCH] xfixes: Fix out of bounds access in
+ *ProcXFixesCreatePointerBarrier()
+
+ZDI-CAN-14950, CVE-2021-4009
+
+This vulnerability was discovered and the fix was suggested by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
+---
+ xfixes/cursor.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/xfixes/cursor.c b/xfixes/cursor.c
+index 60580b88f..c5d4554b2 100644
+--- a/xfixes/cursor.c
++++ b/xfixes/cursor.c
+@@ -1010,7 +1010,8 @@ ProcXFixesCreatePointerBarrier(ClientPtr client)
+ {
+ REQUEST(xXFixesCreatePointerBarrierReq);
+
+- REQUEST_FIXED_SIZE(xXFixesCreatePointerBarrierReq, pad_to_int32(stuff->num_devices));
++ REQUEST_FIXED_SIZE(xXFixesCreatePointerBarrierReq,
++ pad_to_int32(stuff->num_devices * sizeof(CARD16)));
+ LEGAL_NEW_RESOURCE(stuff->barrier, client);
+
+ return XICreatePointerBarrier(client, stuff);
+@@ -1027,7 +1028,8 @@ SProcXFixesCreatePointerBarrier(ClientPtr client)
+
+ swaps(&stuff->length);
+ swaps(&stuff->num_devices);
+- REQUEST_FIXED_SIZE(xXFixesCreatePointerBarrierReq, pad_to_int32(stuff->num_devices));
++ REQUEST_FIXED_SIZE(xXFixesCreatePointerBarrierReq,
++ pad_to_int32(stuff->num_devices * sizeof(CARD16)));
+
+ swapl(&stuff->barrier);
+ swapl(&stuff->window);
+--
+GitLab
+
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4010.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4010.patch
new file mode 100644
index 0000000000..06ebe7d077
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4010.patch
@@ -0,0 +1,39 @@
+Backport patch to fix CVE-2021-4010.
+
+CVE: CVE-2021-4010
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/6c4c530]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 6c4c53010772e3cb4cb8acd54950c8eec9c00d21 Mon Sep 17 00:00:00 2001
+From: Povilas Kanapickas <povilas@radix.lt>
+Date: Tue, 14 Dec 2021 15:00:02 +0200
+Subject: [PATCH] Xext: Fix out of bounds access in SProcScreenSaverSuspend()
+
+ZDI-CAN-14951, CVE-2021-4010
+
+This vulnerability was discovered and the fix was suggested by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
+---
+ Xext/saver.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Xext/saver.c b/Xext/saver.c
+index 1d7e3cadf..f813ba08d 100644
+--- a/Xext/saver.c
++++ b/Xext/saver.c
+@@ -1351,8 +1351,8 @@ SProcScreenSaverSuspend(ClientPtr client)
+ REQUEST(xScreenSaverSuspendReq);
+
+ swaps(&stuff->length);
+- swapl(&stuff->suspend);
+ REQUEST_SIZE_MATCH(xScreenSaverSuspendReq);
++ swapl(&stuff->suspend);
+ return ProcScreenSaverSuspend(client);
+ }
+
+--
+GitLab
+
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4011.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4011.patch
new file mode 100644
index 0000000000..c7eb03091d
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4011.patch
@@ -0,0 +1,40 @@
+Backport patch to fix CVE-2021-4011.
+
+CVE: CVE-2021-4011
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/e56f61c]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From e56f61c79fc3cee26d83cda0f84ae56d5979f768 Mon Sep 17 00:00:00 2001
+From: Povilas Kanapickas <povilas@radix.lt>
+Date: Tue, 14 Dec 2021 15:00:00 +0200
+Subject: [PATCH] record: Fix out of bounds access in SwapCreateRegister()
+
+ZDI-CAN-14952, CVE-2021-4011
+
+This vulnerability was discovered and the fix was suggested by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
+---
+ record/record.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/record/record.c b/record/record.c
+index be154525d..e123867a7 100644
+--- a/record/record.c
++++ b/record/record.c
+@@ -2516,8 +2516,8 @@ SwapCreateRegister(ClientPtr client, xRecordRegisterClientsReq * stuff)
+ swapl(pClientID);
+ }
+ if (stuff->nRanges >
+- client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq)
+- - stuff->nClients)
++ (client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq)
++ - stuff->nClients) / bytes_to_int32(sz_xRecordRange))
+ return BadLength;
+ RecordSwapRanges((xRecordRange *) pClientID, stuff->nRanges);
+ return Success;
+--
+GitLab
+
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb
index e0551fa999..58f1eb328e 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb
@@ -9,6 +9,10 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://0001-Fix-segfault-on-probing-a-non-PCI-platform-device-on.patch \ file://CVE-2021-3472.patch \ file://0001-hw-xwayland-Makefile.am-fix-build-without-glx.patch \ + file://CVE-2021-4008.patch \ + file://CVE-2021-4009.patch \ + file://CVE-2021-4010.patch \ + file://CVE-2021-4011.patch \ " SRC_URI[sha256sum] = "977420c082450dc808de301ef56af4856d653eea71519a973c3490a780cb7c99" |