Ross Burton d4067f5835 xwayland: fix CVE-2025-62229 CVE-2025-62230 CVE-2025-62231 ... >From https://lists.x.org/archives/xorg-announce/2025-October/003635.html: 1) CVE-2025-62229: Use-after-free in XPresentNotify structures creation Using the X11 Present extension, when processing and adding the notifications after presenting a pixmap, if an error occurs, a dangling pointer may be left in the error code path of the function causing a use-after-free when eventually destroying the notification structures later. Introduced in: Xorg 1.15 Fixed in: xorg-server-21.1.19 and xwayland-24.1.9 Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/5a4286b1 Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative. 2) CVE-2025-62230: Use-after-free in Xkb client resource removal When removing the Xkb resources for a client, the function XkbRemoveResourceClient() will free the XkbInterest data associated with the device, but not the resource associated with it. As a result, when the client terminates, the resource delete function triggers a use-after-free. Introduced in: X11R6 Fixed in: xorg-server-21.1.19 and xwayland-24.1.9 Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/99790a2c https://gitlab.freedesktop.org/xorg/xserver/-/commit/10c94238 Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative. 3) CVE-2025-62231: Value overflow in Xkb extension XkbSetCompatMap() The XkbCompatMap structure stores some of its values using an unsigned short, but fails to check whether the sum of the input data might overflow the maximum unsigned short value. Introduced in: X11R6 Fixed in: xorg-server-21.1.19 and xwayland-24.1.9 Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/475d9f49 Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative. (From OE-Core rev: f3b5fc0174478e1ab6d3d03c8fdc75be28d0fd3b) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>		2025-11-06 15:09:32 +00:00
..
builder	meta: set S from UNPACKDIR in recipes that use only local files	2025-06-20 12:07:26 +01:00
cairo	meta: remove consecutive blank lines	2025-06-20 12:07:27 +01:00
cantarell-fonts
drm	libdrm: upgrade 2.4.124 -> 2.4.125	2025-06-16 17:57:30 +01:00
fontconfig	fontconfig: disable tests	2025-09-25 11:09:04 +01:00
freetype	freetype: add PACKAGECONFIG for brotli	2025-09-15 17:57:23 +01:00
glew	recipes: Drop remaining md5sum checksums	2025-05-01 14:22:53 +01:00
glslang	vulkan: upgrade 1.4.321.0 -> 1.4.328.1	2025-10-13 18:01:04 +01:00
graphene	meta: remove consecutive blank lines	2025-06-20 12:07:27 +01:00
harfbuzz	harfbuzz: upgrade 11.4.1 -> 11.4.5	2025-09-08 18:02:39 +01:00
igt-gpu-tools	igt-gpu-tools: update 1.30 -> 2.1	2025-09-15 17:57:23 +01:00
images	core-image-weston: Add wayland as required feature.	2025-10-30 11:06:28 +00:00
jpeg	libjpeg-turbo: upgrade 3.1.1 -> 3.1.2	2025-09-11 11:31:55 +01:00
kmscube	kmscube: upgrade to latest revision	2025-09-15 17:57:23 +01:00
libepoxy	meta: remove S in recipes that fetch from git via setting BB_GIT_DEFAULT_DESTSUFFIX	2025-06-20 12:07:26 +01:00
libfakekey	meta: remove consecutive blank lines	2025-06-20 12:07:27 +01:00
libglvnd	libglvnd: RPROVIDE "standard" package names	2025-09-15 17:57:23 +01:00
libmatchbox	meta: remove consecutive blank lines	2025-06-20 12:07:27 +01:00
libsdl2	libsdl2: upgrade 2.32.8 -> 2.32.10	2025-09-08 18:02:39 +01:00
libva	meta: set S to be in UNPACKDIR in recipes that explicitly set S	2025-06-20 12:07:26 +01:00
matchbox-session	meta: remove consecutive blank lines	2025-06-20 12:07:27 +01:00
matchbox-wm	meta: remove consecutive blank lines	2025-06-20 12:07:27 +01:00
menu-cache	recipes: Drop remaining md5sum checksums	2025-05-01 14:22:53 +01:00
mesa	mesa: upgrade 25.2.4 -> 25.2.5	2025-10-27 11:37:43 +00:00
mini-x-session	meta: remove consecutive blank lines	2025-06-20 12:07:27 +01:00
packagegroups	meta: remove consecutive blank lines	2025-06-20 12:07:27 +01:00
pango	pango: update 1.56.4 -> 1.57.0	2025-09-15 17:57:23 +01:00
piglit	piglit: enable OpenCL support if distro has enabled it	2025-10-09 10:58:07 +01:00
pong-clock	meta: set S from UNPACKDIR in recipes that use only local files	2025-06-20 12:07:26 +01:00
shaderc	shaderc: upgrade 2025.2 -> 2025.3	2025-07-07 22:12:50 +01:00
spir	vulkan: upgrade 1.4.321.0 -> 1.4.328.1	2025-10-13 18:01:04 +01:00
startup-notification	meta: remove consecutive blank lines	2025-06-20 12:07:27 +01:00
ttf-fonts	meta: set S to be in UNPACKDIR in recipes that explicitly set S	2025-06-20 12:07:26 +01:00
virglrenderer	virglrenderer: upgrade 1.1.0 -> 1.1.1	2025-07-28 14:51:50 +01:00
vulkan	vulkan: upgrade 1.4.321.0 -> 1.4.328.1	2025-10-13 18:01:04 +01:00
waffle	meta: remove S in recipes that fetch from git via setting BB_GIT_DEFAULT_DESTSUFFIX	2025-06-20 12:07:26 +01:00
wayland	weston-init: Allow weston user to be specified	2025-10-16 10:53:10 +01:00
x11-common	x11-volatiles: register x11 volatile directories	2025-10-30 11:06:28 +00:00
xcursor-transparent-theme	meta: remove consecutive blank lines	2025-06-20 12:07:27 +01:00
xinput-calibrator	meta: remove consecutive blank lines	2025-06-20 12:07:27 +01:00
xorg-app	xdpyinfo: upgrade 1.3.4 -> 1.4.0	2025-09-11 11:31:56 +01:00
xorg-driver	xf86-input-vmmouse, xf86-input-mouse: drop recipes	2025-09-01 23:07:06 +01:00
xorg-font	meta: set S to be in UNPACKDIR in recipes that explicitly set S	2025-06-20 12:07:26 +01:00
xorg-lib	xkeyboard-config: Turn absolute symlinks into relative	2025-10-02 11:28:02 +01:00
xorg-proto	meta/meta-selftest: Fix variable assignment whitespace	2025-02-01 13:42:34 +00:00
xorg-util	meta: set S to be in UNPACKDIR in recipes that explicitly set S	2025-06-20 12:07:26 +01:00
xorg-xserver	xserver-xorg: fix CVE-2025-62229 CVE-2025-62230 CVE-2025-62231	2025-11-06 15:09:32 +00:00
xrestop	recipes: Drop remaining md5sum checksums	2025-05-01 14:22:53 +01:00
xwayland	xwayland: fix CVE-2025-62229 CVE-2025-62230 CVE-2025-62231	2025-11-06 15:09:32 +00:00