From fecc1a9d39b76f84f0891ffbe5f7d78bddec3fe0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Exp=C3=B3sito?= Date: Thu, 5 Oct 2023 15:25:06 +0200 Subject: [PATCH] libICE 1.1.1 Update package to version 1.1.1. Since upstream commit 08df47e4786d ("Build xz tarballs instead of bzip2"), .tar.xz is used instead of .tar.bz2, update `Source0` accordingly. Drop `0001-Use-getentropy-if-arc4random_buf-is-not-available.patch` as it is not used in the spec and it is available in the upstream commit ff5e59f32255 ("Use getentropy() if arc4random_buf() is not available"), which is included in version 1.1.1. --- .gitignore | 1 + ...y-if-arc4random_buf-is-not-available.patch | 143 ------------------ libICE.spec | 9 +- sources | 2 +- 4 files changed, 8 insertions(+), 147 deletions(-) delete mode 100644 0001-Use-getentropy-if-arc4random_buf-is-not-available.patch diff --git a/.gitignore b/.gitignore index 446ac0b..5e1d57c 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ libICE-1.0.6.tar.bz2 /libICE-1.0.8.tar.bz2 /libICE-1.0.9.tar.bz2 /libICE-1.0.10.tar.bz2 +/libICE-1.1.1.tar.xz diff --git a/0001-Use-getentropy-if-arc4random_buf-is-not-available.patch b/0001-Use-getentropy-if-arc4random_buf-is-not-available.patch deleted file mode 100644 index f7d6640..0000000 --- a/0001-Use-getentropy-if-arc4random_buf-is-not-available.patch +++ /dev/null @@ -1,143 +0,0 @@ -From 8044880840bcde6f15a078e267cf163072ac1878 Mon Sep 17 00:00:00 2001 -From: Benjamin Tissoires -Date: Tue, 4 Apr 2017 19:12:53 +0200 -Subject: [PATCH libICE 1/2] Use getentropy() if arc4random_buf() is not - available - -This allows to fix CVE-2017-2626 on Linux platforms without pulling in -libbsd. -The libc getentropy() is available since glibc 2.25 but also on OpenBSD. -For Linux, we need at least a v3.17 kernel. If the recommended -arc4random_buf() function is not available, emulate it by first trying -to use getentropy() on a supported glibc and kernel. If the call fails, -fall back to the current (partly vulnerable) code. - -Signed-off-by: Benjamin Tissoires -Reviewed-by: Mark Kettenis -Reviewed-by: Alan Coopersmith -Signed-off-by: Peter Hutterer ---- - configure.ac | 2 +- - src/iceauth.c | 65 ++++++++++++++++++++++++++++++++++++++++++----------------- - 2 files changed, 47 insertions(+), 20 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 458882a..c971ab6 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -38,7 +38,7 @@ AC_DEFINE(ICE_t, 1, [Xtrans transport type]) - - # Checks for library functions. - AC_CHECK_LIB([bsd], [arc4random_buf]) --AC_CHECK_FUNCS([asprintf arc4random_buf]) -+AC_CHECK_FUNCS([asprintf arc4random_buf getentropy]) - - # Allow checking code with lint, sparse, etc. - XORG_WITH_LINT -diff --git a/src/iceauth.c b/src/iceauth.c -index ef66626..9b77eac 100644 ---- a/src/iceauth.c -+++ b/src/iceauth.c -@@ -42,31 +42,19 @@ Author: Ralph Mor, X Consortium - - static int was_called_state; - --/* -- * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by -- * the SI. It is not part of standard ICElib. -- */ -+#ifndef HAVE_ARC4RANDOM_BUF - -- --char * --IceGenerateMagicCookie ( -+static void -+emulate_getrandom_buf ( -+ char *auth, - int len - ) - { -- char *auth; --#ifndef HAVE_ARC4RANDOM_BUF - long ldata[2]; - int seed; - int value; - int i; --#endif - -- if ((auth = malloc (len + 1)) == NULL) -- return (NULL); -- --#ifdef HAVE_ARC4RANDOM_BUF -- arc4random_buf(auth, len); --#else - #ifdef ITIMER_REAL - { - struct timeval now; -@@ -74,13 +62,13 @@ IceGenerateMagicCookie ( - ldata[0] = now.tv_sec; - ldata[1] = now.tv_usec; - } --#else -+#else /* ITIMER_REAL */ - { - long time (); - ldata[0] = time ((long *) 0); - ldata[1] = getpid (); - } --#endif -+#endif /* ITIMER_REAL */ - seed = (ldata[0]) + (ldata[1] << 16); - srand (seed); - for (i = 0; i < len; i++) -@@ -88,7 +76,46 @@ IceGenerateMagicCookie ( - value = rand (); - auth[i] = value & 0xff; - } --#endif -+} -+ -+static void -+arc4random_buf ( -+ char *auth, -+ int len -+) -+{ -+ int ret; -+ -+#if HAVE_GETENTROPY -+ /* weak emulation of arc4random through the entropy libc */ -+ ret = getentropy (auth, len); -+ if (ret == 0) -+ return; -+#endif /* HAVE_GETENTROPY */ -+ -+ emulate_getrandom_buf (auth, len); -+} -+ -+#endif /* !defined(HAVE_ARC4RANDOM_BUF) */ -+ -+/* -+ * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by -+ * the SI. It is not part of standard ICElib. -+ */ -+ -+ -+char * -+IceGenerateMagicCookie ( -+ int len -+) -+{ -+ char *auth; -+ -+ if ((auth = malloc (len + 1)) == NULL) -+ return (NULL); -+ -+ arc4random_buf (auth, len); -+ - auth[len] = '\0'; - return (auth); - } --- -2.9.3 - diff --git a/libICE.spec b/libICE.spec index acb7939..bafd4b0 100644 --- a/libICE.spec +++ b/libICE.spec @@ -1,11 +1,11 @@ Summary: X.Org X11 ICE runtime library Name: libICE -Version: 1.0.10 -Release: 12%{?dist} +Version: 1.1.1 +Release: 1%{?dist} License: MIT-open-group URL: http://www.x.org -Source0: https://www.x.org/pub/individual/lib/%{name}-%{version}.tar.bz2 +Source0: https://www.x.org/pub/individual/lib/%{name}-%{version}.tar.xz # Needed for pre-glibc-2.25, which at this point would mean RHEL7 but not 8 # Patch1: 0002-Add-getentropy-emulation-through-syscall.patch @@ -68,6 +68,9 @@ done %{_libdir}/pkgconfig/ice.pc %changelog +* Thu Oct 05 2023 José Expósito - 1.1.1-1 +- libICE 1.1.1 + * Wed Sep 06 2023 Benjamin Tissoires - 1.0.10-12 - SPDX migration diff --git a/sources b/sources index c40c3da..5d15856 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (libICE-1.0.10.tar.bz2) = 2f1ef2c32c833c71894a08fa7e7ed53f301f6c7bd22485d71c12884d8e8b36b99f362ec886349dcc84d08edc81c8b2cea035320831d64974edeba021b433c468 +SHA512 (libICE-1.1.1.tar.xz) = 2f7833a25f31cc743ca95cb88f9a8403b50e19ffb5bf43bfef87ba405857d359789daaa9ec2391351237d958f16d35dbf082adb76d301e46d3a54162a6b452d3