reset upstream subtrees to HEAD
Reset the following subtrees on HEAD:
poky: 8217b477a1(master)
meta-xilinx: 64aa3d35ae(master)
meta-openembedded: 0435c9e193(master)
meta-raspberrypi: 490a4441ac(master)
meta-security: cb6d1c85ee(master)
Squashed patches:
meta-phosphor: drop systemd 239 patches
meta-phosphor: mrw-api: use correct install path
Change-Id: I268e2646d9174ad305630c6bbd3fbc1a6105f43d
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
index 489a428..615ad6d 100644
--- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
+++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
@@ -18,6 +18,8 @@
XORG_PN = "xorg-server"
SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.bz2"
+CVE_PRODUCT = "xorg-server"
+
S = "${WORKDIR}/${XORG_PN}-${PV}"
inherit autotools pkgconfig
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-test-xtest-Initialize-array-with-braces.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-test-xtest-Initialize-array-with-braces.patch
new file mode 100644
index 0000000..c0c2428
--- /dev/null
+++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-test-xtest-Initialize-array-with-braces.patch
@@ -0,0 +1,36 @@
+From 8a382c015cd3c69fcfc146ef03dcbf30c77ff207 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 1 Mar 2019 09:47:57 -0800
+Subject: [PATCH] test/xtest: Initialize array with braces
+
+Fixes an error when extra warnings are enabled, this is caught with clang
+
+test/xtest.c:64:23: error: suggest braces around initialization of subobject [-Werror,-Wmissing-braces]
+ WindowRec root = {0};
+ ^
+ {}
+1 error generated.
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ test/xtest.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/xtest.c b/test/xtest.c
+index fc5e433..d7e6620 100644
+--- a/test/xtest.c
++++ b/test/xtest.c
+@@ -61,7 +61,7 @@ xtest_init_devices(void)
+ {
+ ScreenRec screen = {0};
+ ClientRec server_client = {0};
+- WindowRec root = {0};
++ WindowRec root = {{0}};
+ WindowOptRec optional = {0};
+
+ /* random stuff that needs initialization */
+--
+2.21.0
+
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch
deleted file mode 100644
index 7f6235b..0000000
--- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-Incorrect command-line parameter validation in the Xorg X server can lead to
-privilege elevation and/or arbitrary files overwrite, when the X server is
-running with elevated privileges (ie when Xorg is installed with the setuid bit
-set and started by a non-root user). The -modulepath argument can be used to
-specify an insecure path to modules that are going to be loaded in the X server,
-allowing to execute unprivileged code in the privileged process. The -logfile
-argument can be used to overwrite arbitrary files in the file system, due to
-incorrect checks in the parsing of the option.
-
-CVE: CVE-2018-14665
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e Mon Sep 17 00:00:00 2001
-From: Matthieu Herrb <matthieu@herrb.eu>
-Date: Tue, 23 Oct 2018 21:29:08 +0200
-Subject: [PATCH] Disable -logfile and -modulepath when running with elevated
- privileges
-
-Could cause privilege elevation and/or arbitrary files overwrite, when
-the X server is running with elevated privileges (ie when Xorg is
-installed with the setuid bit set and started by a non-root user).
-
-CVE-2018-14665
-
-Issue reported by Narendra Shinde and Red Hat.
-
-Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
-Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
-Reviewed-by: Adam Jackson <ajax@redhat.com>
----
- hw/xfree86/common/xf86Init.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c
-index 6c25eda73..0f57efa86 100644
---- a/hw/xfree86/common/xf86Init.c
-+++ b/hw/xfree86/common/xf86Init.c
-@@ -935,14 +935,18 @@ ddxProcessArgument(int argc, char **argv, int i)
- /* First the options that are not allowed with elevated privileges */
- if (!strcmp(argv[i], "-modulepath")) {
- CHECK_FOR_REQUIRED_ARGUMENT();
-- xf86CheckPrivs(argv[i], argv[i + 1]);
-+ if (xf86PrivsElevated())
-+ FatalError("\nInvalid argument -modulepath "
-+ "with elevated privileges\n");
- xf86ModulePath = argv[i + 1];
- xf86ModPathFrom = X_CMDLINE;
- return 2;
- }
- if (!strcmp(argv[i], "-logfile")) {
- CHECK_FOR_REQUIRED_ARGUMENT();
-- xf86CheckPrivs(argv[i], argv[i + 1]);
-+ if (xf86PrivsElevated())
-+ FatalError("\nInvalid argument -logfile "
-+ "with elevated privileges\n");
- xf86LogFile = argv[i + 1];
- xf86LogFileFrom = X_CMDLINE;
- return 2;
---
-2.18.1
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.1.bb b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.4.bb
similarity index 82%
rename from poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.1.bb
rename to poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.4.bb
index 9fd2e8d..ad99d6b 100644
--- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.1.bb
+++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.4.bb
@@ -3,10 +3,10 @@
SRC_URI += "file://musl-arm-inb-outb.patch \
file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \
file://pkgconfig.patch \
- file://CVE-2018-14665.patch \
+ file://0001-test-xtest-Initialize-array-with-braces.patch \
"
-SRC_URI[md5sum] = "e525846d1d0af5732ba835f2e2ec066d"
-SRC_URI[sha256sum] = "59c99fe86fe75b8164c6567bfc6e982aecc2e4a51e6fbac1b842d5d00549e918"
+SRC_URI[md5sum] = "c4841cc24b79420205d082fe82e0a650"
+SRC_URI[sha256sum] = "fe0fd493ebe93bfc56bede382fa204458ff5f636ea54d413a5d1bd58e19166ee"
# These extensions are now integrated into the server, so declare the migration
# path for in-place upgrades.