rpms/libICE
7
0
Fork 0
Code Issues Pull Requests Releases Activity

libICE 1.1.1

Browse Source 
Update package to version 1.1.1.

Since upstream commit 08df47e4786d ("Build xz tarballs instead of
bzip2"), .tar.xz is used instead of .tar.bz2, update `Source0`
accordingly.

Drop `0001-Use-getentropy-if-arc4random_buf-is-not-available.patch` as
it is not used in the spec and it is available in the upstream commit
ff5e59f32255 ("Use getentropy() if arc4random_buf() is not available"),
which is included in version 1.1.1.
This commit is contained in:
José Expósito 2023-10-05 15:25:06 +02:00
parent 3021e3283e
commit fecc1a9d39
4 changed files with 8 additions and 147 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -3,3 +3,4 @@ libICE-1.0.6.tar.bz2
/libICE-1.0.8.tar.bz2
/libICE-1.0.9.tar.bz2
/libICE-1.0.10.tar.bz2
/libICE-1.1.1.tar.xz

143
0001-Use-getentropy-if-arc4random_buf-is-not-available.patch
View File

@ -1,143 +0,0 @@
From 8044880840bcde6f15a078e267cf163072ac1878 Mon Sep 17 00:00:00 2001
From: Benjamin Tissoires <benjamin.tissoires@gmail.com>
Date: Tue, 4 Apr 2017 19:12:53 +0200
Subject: [PATCH libICE 1/2] Use getentropy() if arc4random_buf() is not
available
This allows to fix CVE-2017-2626 on Linux platforms without pulling in
libbsd.
The libc getentropy() is available since glibc 2.25 but also on OpenBSD.
For Linux, we need at least a v3.17 kernel. If the recommended
arc4random_buf() function is not available, emulate it by first trying
to use getentropy() on a supported glibc and kernel. If the call fails,
fall back to the current (partly vulnerable) code.
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
---
configure.ac | 2 +-
src/iceauth.c | 65 ++++++++++++++++++++++++++++++++++++++++++-----------------
2 files changed, 47 insertions(+), 20 deletions(-)
diff --git a/configure.ac b/configure.ac
index 458882a..c971ab6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -38,7 +38,7 @@ AC_DEFINE(ICE_t, 1, [Xtrans transport type])
# Checks for library functions.
AC_CHECK_LIB([bsd], [arc4random_buf])
-AC_CHECK_FUNCS([asprintf arc4random_buf])
+AC_CHECK_FUNCS([asprintf arc4random_buf getentropy])
# Allow checking code with lint, sparse, etc.
XORG_WITH_LINT
diff --git a/src/iceauth.c b/src/iceauth.c
index ef66626..9b77eac 100644
--- a/src/iceauth.c
+++ b/src/iceauth.c
@@ -42,31 +42,19 @@ Author: Ralph Mor, X Consortium
static int was_called_state;
-/*
- * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by
- * the SI. It is not part of standard ICElib.
- */
+#ifndef HAVE_ARC4RANDOM_BUF
-
-char *
-IceGenerateMagicCookie (
+static void
+emulate_getrandom_buf (
+ char *auth,
int len
)
{
- char *auth;
-#ifndef HAVE_ARC4RANDOM_BUF
long ldata[2];
int seed;
int value;
int i;
-#endif
- if ((auth = malloc (len + 1)) == NULL)
- return (NULL);
-
-#ifdef HAVE_ARC4RANDOM_BUF
- arc4random_buf(auth, len);
-#else
#ifdef ITIMER_REAL
{
struct timeval now;
@@ -74,13 +62,13 @@ IceGenerateMagicCookie (
ldata[0] = now.tv_sec;
ldata[1] = now.tv_usec;
}
-#else
+#else /* ITIMER_REAL */
{
long time ();
ldata[0] = time ((long *) 0);
ldata[1] = getpid ();
}
-#endif
+#endif /* ITIMER_REAL */
seed = (ldata[0]) + (ldata[1] << 16);
srand (seed);
for (i = 0; i < len; i++)
@@ -88,7 +76,46 @@ IceGenerateMagicCookie (
value = rand ();
auth[i] = value & 0xff;
}
-#endif
+}
+
+static void
+arc4random_buf (
+ char *auth,
+ int len
+)
+{
+ int ret;
+
+#if HAVE_GETENTROPY
+ /* weak emulation of arc4random through the entropy libc */
+ ret = getentropy (auth, len);
+ if (ret == 0)
+ return;
+#endif /* HAVE_GETENTROPY */
+
+ emulate_getrandom_buf (auth, len);
+}
+
+#endif /* !defined(HAVE_ARC4RANDOM_BUF) */
+
+/*
+ * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by
+ * the SI. It is not part of standard ICElib.
+ */
+
+
+char *
+IceGenerateMagicCookie (
+ int len
+)
+{
+ char *auth;
+
+ if ((auth = malloc (len + 1)) == NULL)
+ return (NULL);
+
+ arc4random_buf (auth, len);
+
auth[len] = '\0';
return (auth);
}
--
2.9.3

9
libICE.spec
View File

@ -1,11 +1,11 @@
Summary: X.Org X11 ICE runtime library
Name: libICE
Version: 1.0.10
Release: 12%{?dist}
Version: 1.1.1
Release: 1%{?dist}
License: MIT-open-group
URL: http://www.x.org
Source0: https://www.x.org/pub/individual/lib/%{name}-%{version}.tar.bz2
Source0: https://www.x.org/pub/individual/lib/%{name}-%{version}.tar.xz
# Needed for pre-glibc-2.25, which at this point would mean RHEL7 but not 8
# Patch1: 0002-Add-getentropy-emulation-through-syscall.patch
@ -68,6 +68,9 @@ done
%{_libdir}/pkgconfig/ice.pc
%changelog
* Thu Oct 05 2023 José Expósito <jexposit@redhat.com> - 1.1.1-1
- libICE 1.1.1
* Wed Sep 06 2023 Benjamin Tissoires <benjamin.tissoires@redhat.com> - 1.0.10-12
- SPDX migration

2
sources
View File

@ -1 +1 @@
SHA512 (libICE-1.0.10.tar.bz2) = 2f1ef2c32c833c71894a08fa7e7ed53f301f6c7bd22485d71c12884d8e8b36b99f362ec886349dcc84d08edc81c8b2cea035320831d64974edeba021b433c468
SHA512 (libICE-1.1.1.tar.xz) = 2f7833a25f31cc743ca95cb88f9a8403b50e19ffb5bf43bfef87ba405857d359789daaa9ec2391351237d958f16d35dbf082adb76d301e46d3a54162a6b452d3