libICE 1.1.1
Update package to version 1.1.1. Since upstream commit 08df47e4786d ("Build xz tarballs instead of bzip2"), .tar.xz is used instead of .tar.bz2, update `Source0` accordingly. Drop `0001-Use-getentropy-if-arc4random_buf-is-not-available.patch` as it is not used in the spec and it is available in the upstream commit ff5e59f32255 ("Use getentropy() if arc4random_buf() is not available"), which is included in version 1.1.1.
This commit is contained in:
parent
3021e3283e
commit
fecc1a9d39
1
.gitignore
vendored
1
.gitignore
vendored
@ -3,3 +3,4 @@ libICE-1.0.6.tar.bz2
|
|||||||
/libICE-1.0.8.tar.bz2
|
/libICE-1.0.8.tar.bz2
|
||||||
/libICE-1.0.9.tar.bz2
|
/libICE-1.0.9.tar.bz2
|
||||||
/libICE-1.0.10.tar.bz2
|
/libICE-1.0.10.tar.bz2
|
||||||
|
/libICE-1.1.1.tar.xz
|
||||||
|
@ -1,143 +0,0 @@
|
|||||||
From 8044880840bcde6f15a078e267cf163072ac1878 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Benjamin Tissoires <benjamin.tissoires@gmail.com>
|
|
||||||
Date: Tue, 4 Apr 2017 19:12:53 +0200
|
|
||||||
Subject: [PATCH libICE 1/2] Use getentropy() if arc4random_buf() is not
|
|
||||||
available
|
|
||||||
|
|
||||||
This allows to fix CVE-2017-2626 on Linux platforms without pulling in
|
|
||||||
libbsd.
|
|
||||||
The libc getentropy() is available since glibc 2.25 but also on OpenBSD.
|
|
||||||
For Linux, we need at least a v3.17 kernel. If the recommended
|
|
||||||
arc4random_buf() function is not available, emulate it by first trying
|
|
||||||
to use getentropy() on a supported glibc and kernel. If the call fails,
|
|
||||||
fall back to the current (partly vulnerable) code.
|
|
||||||
|
|
||||||
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
|
|
||||||
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
|
|
||||||
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
||||||
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
||||||
---
|
|
||||||
configure.ac | 2 +-
|
|
||||||
src/iceauth.c | 65 ++++++++++++++++++++++++++++++++++++++++++-----------------
|
|
||||||
2 files changed, 47 insertions(+), 20 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/configure.ac b/configure.ac
|
|
||||||
index 458882a..c971ab6 100644
|
|
||||||
--- a/configure.ac
|
|
||||||
+++ b/configure.ac
|
|
||||||
@@ -38,7 +38,7 @@ AC_DEFINE(ICE_t, 1, [Xtrans transport type])
|
|
||||||
|
|
||||||
# Checks for library functions.
|
|
||||||
AC_CHECK_LIB([bsd], [arc4random_buf])
|
|
||||||
-AC_CHECK_FUNCS([asprintf arc4random_buf])
|
|
||||||
+AC_CHECK_FUNCS([asprintf arc4random_buf getentropy])
|
|
||||||
|
|
||||||
# Allow checking code with lint, sparse, etc.
|
|
||||||
XORG_WITH_LINT
|
|
||||||
diff --git a/src/iceauth.c b/src/iceauth.c
|
|
||||||
index ef66626..9b77eac 100644
|
|
||||||
--- a/src/iceauth.c
|
|
||||||
+++ b/src/iceauth.c
|
|
||||||
@@ -42,31 +42,19 @@ Author: Ralph Mor, X Consortium
|
|
||||||
|
|
||||||
static int was_called_state;
|
|
||||||
|
|
||||||
-/*
|
|
||||||
- * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by
|
|
||||||
- * the SI. It is not part of standard ICElib.
|
|
||||||
- */
|
|
||||||
+#ifndef HAVE_ARC4RANDOM_BUF
|
|
||||||
|
|
||||||
-
|
|
||||||
-char *
|
|
||||||
-IceGenerateMagicCookie (
|
|
||||||
+static void
|
|
||||||
+emulate_getrandom_buf (
|
|
||||||
+ char *auth,
|
|
||||||
int len
|
|
||||||
)
|
|
||||||
{
|
|
||||||
- char *auth;
|
|
||||||
-#ifndef HAVE_ARC4RANDOM_BUF
|
|
||||||
long ldata[2];
|
|
||||||
int seed;
|
|
||||||
int value;
|
|
||||||
int i;
|
|
||||||
-#endif
|
|
||||||
|
|
||||||
- if ((auth = malloc (len + 1)) == NULL)
|
|
||||||
- return (NULL);
|
|
||||||
-
|
|
||||||
-#ifdef HAVE_ARC4RANDOM_BUF
|
|
||||||
- arc4random_buf(auth, len);
|
|
||||||
-#else
|
|
||||||
#ifdef ITIMER_REAL
|
|
||||||
{
|
|
||||||
struct timeval now;
|
|
||||||
@@ -74,13 +62,13 @@ IceGenerateMagicCookie (
|
|
||||||
ldata[0] = now.tv_sec;
|
|
||||||
ldata[1] = now.tv_usec;
|
|
||||||
}
|
|
||||||
-#else
|
|
||||||
+#else /* ITIMER_REAL */
|
|
||||||
{
|
|
||||||
long time ();
|
|
||||||
ldata[0] = time ((long *) 0);
|
|
||||||
ldata[1] = getpid ();
|
|
||||||
}
|
|
||||||
-#endif
|
|
||||||
+#endif /* ITIMER_REAL */
|
|
||||||
seed = (ldata[0]) + (ldata[1] << 16);
|
|
||||||
srand (seed);
|
|
||||||
for (i = 0; i < len; i++)
|
|
||||||
@@ -88,7 +76,46 @@ IceGenerateMagicCookie (
|
|
||||||
value = rand ();
|
|
||||||
auth[i] = value & 0xff;
|
|
||||||
}
|
|
||||||
-#endif
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static void
|
|
||||||
+arc4random_buf (
|
|
||||||
+ char *auth,
|
|
||||||
+ int len
|
|
||||||
+)
|
|
||||||
+{
|
|
||||||
+ int ret;
|
|
||||||
+
|
|
||||||
+#if HAVE_GETENTROPY
|
|
||||||
+ /* weak emulation of arc4random through the entropy libc */
|
|
||||||
+ ret = getentropy (auth, len);
|
|
||||||
+ if (ret == 0)
|
|
||||||
+ return;
|
|
||||||
+#endif /* HAVE_GETENTROPY */
|
|
||||||
+
|
|
||||||
+ emulate_getrandom_buf (auth, len);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+#endif /* !defined(HAVE_ARC4RANDOM_BUF) */
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by
|
|
||||||
+ * the SI. It is not part of standard ICElib.
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+char *
|
|
||||||
+IceGenerateMagicCookie (
|
|
||||||
+ int len
|
|
||||||
+)
|
|
||||||
+{
|
|
||||||
+ char *auth;
|
|
||||||
+
|
|
||||||
+ if ((auth = malloc (len + 1)) == NULL)
|
|
||||||
+ return (NULL);
|
|
||||||
+
|
|
||||||
+ arc4random_buf (auth, len);
|
|
||||||
+
|
|
||||||
auth[len] = '\0';
|
|
||||||
return (auth);
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.9.3
|
|
||||||
|
|
@ -1,11 +1,11 @@
|
|||||||
Summary: X.Org X11 ICE runtime library
|
Summary: X.Org X11 ICE runtime library
|
||||||
Name: libICE
|
Name: libICE
|
||||||
Version: 1.0.10
|
Version: 1.1.1
|
||||||
Release: 12%{?dist}
|
Release: 1%{?dist}
|
||||||
License: MIT-open-group
|
License: MIT-open-group
|
||||||
URL: http://www.x.org
|
URL: http://www.x.org
|
||||||
|
|
||||||
Source0: https://www.x.org/pub/individual/lib/%{name}-%{version}.tar.bz2
|
Source0: https://www.x.org/pub/individual/lib/%{name}-%{version}.tar.xz
|
||||||
|
|
||||||
# Needed for pre-glibc-2.25, which at this point would mean RHEL7 but not 8
|
# Needed for pre-glibc-2.25, which at this point would mean RHEL7 but not 8
|
||||||
# Patch1: 0002-Add-getentropy-emulation-through-syscall.patch
|
# Patch1: 0002-Add-getentropy-emulation-through-syscall.patch
|
||||||
@ -68,6 +68,9 @@ done
|
|||||||
%{_libdir}/pkgconfig/ice.pc
|
%{_libdir}/pkgconfig/ice.pc
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Oct 05 2023 José Expósito <jexposit@redhat.com> - 1.1.1-1
|
||||||
|
- libICE 1.1.1
|
||||||
|
|
||||||
* Wed Sep 06 2023 Benjamin Tissoires <benjamin.tissoires@redhat.com> - 1.0.10-12
|
* Wed Sep 06 2023 Benjamin Tissoires <benjamin.tissoires@redhat.com> - 1.0.10-12
|
||||||
- SPDX migration
|
- SPDX migration
|
||||||
|
|
||||||
|
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (libICE-1.0.10.tar.bz2) = 2f1ef2c32c833c71894a08fa7e7ed53f301f6c7bd22485d71c12884d8e8b36b99f362ec886349dcc84d08edc81c8b2cea035320831d64974edeba021b433c468
|
SHA512 (libICE-1.1.1.tar.xz) = 2f7833a25f31cc743ca95cb88f9a8403b50e19ffb5bf43bfef87ba405857d359789daaa9ec2391351237d958f16d35dbf082adb76d301e46d3a54162a6b452d3
|
||||||
|
Loading…
Reference in New Issue
Block a user