libICE 1.1.1
Update package to version 1.1.1.
Since upstream commit 08df47e4786d ("Build xz tarballs instead of
bzip2"), .tar.xz is used instead of .tar.bz2, update `Source0`
accordingly.
Drop `0001-Use-getentropy-if-arc4random_buf-is-not-available.patch` as
it is not used in the spec and it is available in the upstream commit
ff5e59f32255 ("Use getentropy() if arc4random_buf() is not available"),
which is included in version 1.1.1.
			
			
This commit is contained in:
		
							parent
							
								
									3021e3283e
								
							
						
					
					
						commit
						fecc1a9d39
					
				
							
								
								
									
										1
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										1
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							| @ -3,3 +3,4 @@ libICE-1.0.6.tar.bz2 | |||||||
| /libICE-1.0.8.tar.bz2 | /libICE-1.0.8.tar.bz2 | ||||||
| /libICE-1.0.9.tar.bz2 | /libICE-1.0.9.tar.bz2 | ||||||
| /libICE-1.0.10.tar.bz2 | /libICE-1.0.10.tar.bz2 | ||||||
|  | /libICE-1.1.1.tar.xz | ||||||
|  | |||||||
| @ -1,143 +0,0 @@ | |||||||
| From 8044880840bcde6f15a078e267cf163072ac1878 Mon Sep 17 00:00:00 2001 |  | ||||||
| From: Benjamin Tissoires <benjamin.tissoires@gmail.com> |  | ||||||
| Date: Tue, 4 Apr 2017 19:12:53 +0200 |  | ||||||
| Subject: [PATCH libICE 1/2] Use getentropy() if arc4random_buf() is not |  | ||||||
|  available |  | ||||||
| 
 |  | ||||||
| This allows to fix CVE-2017-2626 on Linux platforms without pulling in |  | ||||||
| libbsd. |  | ||||||
| The libc getentropy() is available since glibc 2.25 but also on OpenBSD. |  | ||||||
| For Linux, we need at least a v3.17 kernel. If the recommended |  | ||||||
| arc4random_buf() function is not available, emulate it by first trying |  | ||||||
| to use getentropy() on a supported glibc and kernel. If the call fails, |  | ||||||
| fall back to the current (partly vulnerable) code. |  | ||||||
| 
 |  | ||||||
| Signed-off-by: Benjamin Tissoires <benjamin.tissoires@gmail.com> |  | ||||||
| Reviewed-by: Mark Kettenis <kettenis@openbsd.org> |  | ||||||
| Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> |  | ||||||
| Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> |  | ||||||
| ---
 |  | ||||||
|  configure.ac  |  2 +- |  | ||||||
|  src/iceauth.c | 65 ++++++++++++++++++++++++++++++++++++++++++----------------- |  | ||||||
|  2 files changed, 47 insertions(+), 20 deletions(-) |  | ||||||
| 
 |  | ||||||
| diff --git a/configure.ac b/configure.ac
 |  | ||||||
| index 458882a..c971ab6 100644
 |  | ||||||
| --- a/configure.ac
 |  | ||||||
| +++ b/configure.ac
 |  | ||||||
| @@ -38,7 +38,7 @@ AC_DEFINE(ICE_t, 1, [Xtrans transport type])
 |  | ||||||
|   |  | ||||||
|  # Checks for library functions. |  | ||||||
|  AC_CHECK_LIB([bsd], [arc4random_buf]) |  | ||||||
| -AC_CHECK_FUNCS([asprintf arc4random_buf])
 |  | ||||||
| +AC_CHECK_FUNCS([asprintf arc4random_buf getentropy])
 |  | ||||||
|   |  | ||||||
|  # Allow checking code with lint, sparse, etc. |  | ||||||
|  XORG_WITH_LINT |  | ||||||
| diff --git a/src/iceauth.c b/src/iceauth.c
 |  | ||||||
| index ef66626..9b77eac 100644
 |  | ||||||
| --- a/src/iceauth.c
 |  | ||||||
| +++ b/src/iceauth.c
 |  | ||||||
| @@ -42,31 +42,19 @@ Author: Ralph Mor, X Consortium
 |  | ||||||
|   |  | ||||||
|  static int was_called_state; |  | ||||||
|   |  | ||||||
| -/*
 |  | ||||||
| - * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by
 |  | ||||||
| - * the SI.  It is not part of standard ICElib.
 |  | ||||||
| - */
 |  | ||||||
| +#ifndef HAVE_ARC4RANDOM_BUF
 |  | ||||||
|   |  | ||||||
| -
 |  | ||||||
| -char *
 |  | ||||||
| -IceGenerateMagicCookie (
 |  | ||||||
| +static void
 |  | ||||||
| +emulate_getrandom_buf (
 |  | ||||||
| +	char *auth,
 |  | ||||||
|  	int len |  | ||||||
|  ) |  | ||||||
|  { |  | ||||||
| -    char    *auth;
 |  | ||||||
| -#ifndef HAVE_ARC4RANDOM_BUF
 |  | ||||||
|      long    ldata[2]; |  | ||||||
|      int	    seed; |  | ||||||
|      int	    value; |  | ||||||
|      int	    i; |  | ||||||
| -#endif
 |  | ||||||
|   |  | ||||||
| -    if ((auth = malloc (len + 1)) == NULL)
 |  | ||||||
| -	return (NULL);
 |  | ||||||
| -
 |  | ||||||
| -#ifdef HAVE_ARC4RANDOM_BUF
 |  | ||||||
| -    arc4random_buf(auth, len);
 |  | ||||||
| -#else
 |  | ||||||
|  #ifdef ITIMER_REAL |  | ||||||
|      { |  | ||||||
|  	struct timeval  now; |  | ||||||
| @@ -74,13 +62,13 @@ IceGenerateMagicCookie (
 |  | ||||||
|  	ldata[0] = now.tv_sec; |  | ||||||
|  	ldata[1] = now.tv_usec; |  | ||||||
|      } |  | ||||||
| -#else
 |  | ||||||
| +#else /* ITIMER_REAL */
 |  | ||||||
|      { |  | ||||||
|  	long    time (); |  | ||||||
|  	ldata[0] = time ((long *) 0); |  | ||||||
|  	ldata[1] = getpid (); |  | ||||||
|      } |  | ||||||
| -#endif
 |  | ||||||
| +#endif /* ITIMER_REAL */
 |  | ||||||
|      seed = (ldata[0]) + (ldata[1] << 16); |  | ||||||
|      srand (seed); |  | ||||||
|      for (i = 0; i < len; i++) |  | ||||||
| @@ -88,7 +76,46 @@ IceGenerateMagicCookie (
 |  | ||||||
|  	value = rand (); |  | ||||||
|  	auth[i] = value & 0xff; |  | ||||||
|      } |  | ||||||
| -#endif
 |  | ||||||
| +}
 |  | ||||||
| +
 |  | ||||||
| +static void
 |  | ||||||
| +arc4random_buf (
 |  | ||||||
| +	char *auth,
 |  | ||||||
| +	int len
 |  | ||||||
| +)
 |  | ||||||
| +{
 |  | ||||||
| +    int	    ret;
 |  | ||||||
| +
 |  | ||||||
| +#if HAVE_GETENTROPY
 |  | ||||||
| +    /* weak emulation of arc4random through the entropy libc */
 |  | ||||||
| +    ret = getentropy (auth, len);
 |  | ||||||
| +    if (ret == 0)
 |  | ||||||
| +	return;
 |  | ||||||
| +#endif /* HAVE_GETENTROPY */
 |  | ||||||
| +
 |  | ||||||
| +    emulate_getrandom_buf (auth, len);
 |  | ||||||
| +}
 |  | ||||||
| +
 |  | ||||||
| +#endif /* !defined(HAVE_ARC4RANDOM_BUF) */
 |  | ||||||
| +
 |  | ||||||
| +/*
 |  | ||||||
| + * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by
 |  | ||||||
| + * the SI.  It is not part of standard ICElib.
 |  | ||||||
| + */
 |  | ||||||
| +
 |  | ||||||
| +
 |  | ||||||
| +char *
 |  | ||||||
| +IceGenerateMagicCookie (
 |  | ||||||
| +	int len
 |  | ||||||
| +)
 |  | ||||||
| +{
 |  | ||||||
| +    char    *auth;
 |  | ||||||
| +
 |  | ||||||
| +    if ((auth = malloc (len + 1)) == NULL)
 |  | ||||||
| +	return (NULL);
 |  | ||||||
| +
 |  | ||||||
| +    arc4random_buf (auth, len);
 |  | ||||||
| +
 |  | ||||||
|      auth[len] = '\0'; |  | ||||||
|      return (auth); |  | ||||||
|  } |  | ||||||
| -- 
 |  | ||||||
| 2.9.3 |  | ||||||
| 
 |  | ||||||
| @ -1,11 +1,11 @@ | |||||||
| Summary: X.Org X11 ICE runtime library | Summary: X.Org X11 ICE runtime library | ||||||
| Name: libICE | Name: libICE | ||||||
| Version: 1.0.10 | Version: 1.1.1 | ||||||
| Release: 12%{?dist} | Release: 1%{?dist} | ||||||
| License: MIT-open-group | License: MIT-open-group | ||||||
| URL: http://www.x.org | URL: http://www.x.org | ||||||
| 
 | 
 | ||||||
| Source0: https://www.x.org/pub/individual/lib/%{name}-%{version}.tar.bz2 | Source0: https://www.x.org/pub/individual/lib/%{name}-%{version}.tar.xz | ||||||
| 
 | 
 | ||||||
| # Needed for pre-glibc-2.25, which at this point would mean RHEL7 but not 8 | # Needed for pre-glibc-2.25, which at this point would mean RHEL7 but not 8 | ||||||
| # Patch1: 0002-Add-getentropy-emulation-through-syscall.patch | # Patch1: 0002-Add-getentropy-emulation-through-syscall.patch | ||||||
| @ -68,6 +68,9 @@ done | |||||||
| %{_libdir}/pkgconfig/ice.pc | %{_libdir}/pkgconfig/ice.pc | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Thu Oct 05 2023 José Expósito <jexposit@redhat.com> - 1.1.1-1 | ||||||
|  | - libICE 1.1.1 | ||||||
|  | 
 | ||||||
| * Wed Sep 06 2023 Benjamin Tissoires <benjamin.tissoires@redhat.com> - 1.0.10-12 | * Wed Sep 06 2023 Benjamin Tissoires <benjamin.tissoires@redhat.com> - 1.0.10-12 | ||||||
| - SPDX migration | - SPDX migration | ||||||
| 
 | 
 | ||||||
|  | |||||||
							
								
								
									
										2
									
								
								sources
									
									
									
									
									
								
							
							
						
						
									
										2
									
								
								sources
									
									
									
									
									
								
							| @ -1 +1 @@ | |||||||
| SHA512 (libICE-1.0.10.tar.bz2) = 2f1ef2c32c833c71894a08fa7e7ed53f301f6c7bd22485d71c12884d8e8b36b99f362ec886349dcc84d08edc81c8b2cea035320831d64974edeba021b433c468 | SHA512 (libICE-1.1.1.tar.xz) = 2f7833a25f31cc743ca95cb88f9a8403b50e19ffb5bf43bfef87ba405857d359789daaa9ec2391351237d958f16d35dbf082adb76d301e46d3a54162a6b452d3 | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user