Add an upstream patch to fix CVE-2021-3782:
An internal reference count is held on the buffer pool, incremented
every time a new buffer is created from the pool. The reference count is
maintained as an int; on LP64 systems this can cause the reference count
to overflow if the client creates a large number of wl_shm buffer
objects, or if it can coerce the server to create a large number of
external references to the buffer storage. With the reference count
overflowing, a use-after-free can be constructed on the wl_shm_pool
tracking structure, where values may be incremented or decremented; it
may also be possible to construct a limited oracle to leak 4 bytes of
server-side memory to the attacking client at a time.
The first patch (0003-util-set-errno-in-wl_map_reserve_new.patch) comes
from upstream and its sole purpose is to allow the patch fixing
CVE-2021-3782 to be cleanly applied without any modification.
Cc: Quentin Schulz <foss+buildroot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
01548a7be1