rpms
/
libICE
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8s
Branches Tags
rpms:c8s
rpms:c10s
rpms:c9s
rpms:c9
rpms:c9-beta
rpms:c8-beta
rpms:c8
rpms:imports/c9/libICE-1.0.10-8.el9
rpms:imports/c9-beta/libICE-1.0.10-8.el9
rpms:imports/c8-beta/libICE-1.0.9-15.el8
rpms:imports/c8/libICE-1.0.9-15.el8
rpms:imports/c8/libICE-1.0.9-13.el8
rpms:imports/c8s/libICE-1.0.9-15.el8
...
pull from: rpms:c10s
Branches Tags
rpms:c10s
rpms:c9s
rpms:c8s
rpms:c9
rpms:c9-beta
rpms:c8-beta
rpms:c8
rpms:imports/c9/libICE-1.0.10-8.el9
rpms:imports/c9-beta/libICE-1.0.10-8.el9
rpms:imports/c8-beta/libICE-1.0.9-15.el8
rpms:imports/c8/libICE-1.0.9-15.el8
rpms:imports/c8/libICE-1.0.9-13.el8
rpms:imports/c8s/libICE-1.0.9-15.el8

No commits in common. "c8s" and "c10s" have entirely different histories.
c8s ... c10s

9 changed files with 74 additions and 269 deletions
Show Stats Expand all files Collapse all files

6
.gitignore vendored
View File

@ -1,2 +1,6 @@
SOURCES/libICE-1.0.9.tar.bz2
libICE-1.0.6.tar.bz2
/libICE-1.0.7.tar.bz2
/libICE-1.0.8.tar.bz2
/libICE-1.0.9.tar.bz2
/libICE-1.0.10.tar.bz2
/libICE-1.1.1.tar.xz

28
0001-IceListenForWellKnownConnections-Fix-memleak.patch
View File

@ -1,28 +0,0 @@
From 6fed0334c99d3c088752b462d106a84266fb1114 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Wed, 10 Apr 2019 11:01:31 +0200
Subject: [PATCH libICE 1/3] IceListenForWellKnownConnections: Fix memleak
The function `_IceTransMakeAllCOTSServerListeners` allocates memory for
`transConns` which is leaked in case of error.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
---
src/listenwk.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/listenwk.c b/src/listenwk.c
index 7517ea8..9ff26da 100644
--- a/src/listenwk.c
+++ b/src/listenwk.c
@@ -61,6 +61,7 @@ IceListenForWellKnownConnections (
strncpy (errorStringRet,
"Cannot establish any listening sockets", errorLength);
+ free (transConns);
return (0);
}
--
2.21.0

143
0001-Use-getentropy-if-arc4random_buf-is-not-available.patch
View File

@ -1,143 +0,0 @@
From 8044880840bcde6f15a078e267cf163072ac1878 Mon Sep 17 00:00:00 2001
From: Benjamin Tissoires <benjamin.tissoires@gmail.com>
Date: Tue, 4 Apr 2017 19:12:53 +0200
Subject: [PATCH libICE 1/2] Use getentropy() if arc4random_buf() is not
available
This allows to fix CVE-2017-2626 on Linux platforms without pulling in
libbsd.
The libc getentropy() is available since glibc 2.25 but also on OpenBSD.
For Linux, we need at least a v3.17 kernel. If the recommended
arc4random_buf() function is not available, emulate it by first trying
to use getentropy() on a supported glibc and kernel. If the call fails,
fall back to the current (partly vulnerable) code.
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
---
configure.ac | 2 +-
src/iceauth.c | 65 ++++++++++++++++++++++++++++++++++++++++++-----------------
2 files changed, 47 insertions(+), 20 deletions(-)
diff --git a/configure.ac b/configure.ac
index 458882a..c971ab6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -38,7 +38,7 @@ AC_DEFINE(ICE_t, 1, [Xtrans transport type])
# Checks for library functions.
AC_CHECK_LIB([bsd], [arc4random_buf])
-AC_CHECK_FUNCS([asprintf arc4random_buf])
+AC_CHECK_FUNCS([asprintf arc4random_buf getentropy])
# Allow checking code with lint, sparse, etc.
XORG_WITH_LINT
diff --git a/src/iceauth.c b/src/iceauth.c
index ef66626..9b77eac 100644
--- a/src/iceauth.c
+++ b/src/iceauth.c
@@ -42,31 +42,19 @@ Author: Ralph Mor, X Consortium
static int was_called_state;
-/*
- * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by
- * the SI. It is not part of standard ICElib.
- */
+#ifndef HAVE_ARC4RANDOM_BUF
-
-char *
-IceGenerateMagicCookie (
+static void
+emulate_getrandom_buf (
+ char *auth,
int len
)
{
- char *auth;
-#ifndef HAVE_ARC4RANDOM_BUF
long ldata[2];
int seed;
int value;
int i;
-#endif
- if ((auth = malloc (len + 1)) == NULL)
- return (NULL);
-
-#ifdef HAVE_ARC4RANDOM_BUF
- arc4random_buf(auth, len);
-#else
#ifdef ITIMER_REAL
{
struct timeval now;
@@ -74,13 +62,13 @@ IceGenerateMagicCookie (
ldata[0] = now.tv_sec;
ldata[1] = now.tv_usec;
}
-#else
+#else /* ITIMER_REAL */
{
long time ();
ldata[0] = time ((long *) 0);
ldata[1] = getpid ();
}
-#endif
+#endif /* ITIMER_REAL */
seed = (ldata[0]) + (ldata[1] << 16);
srand (seed);
for (i = 0; i < len; i++)
@@ -88,7 +76,46 @@ IceGenerateMagicCookie (
value = rand ();
auth[i] = value & 0xff;
}
-#endif
+}
+
+static void
+arc4random_buf (
+ char *auth,
+ int len
+)
+{
+ int ret;
+
+#if HAVE_GETENTROPY
+ /* weak emulation of arc4random through the entropy libc */
+ ret = getentropy (auth, len);
+ if (ret == 0)
+ return;
+#endif /* HAVE_GETENTROPY */
+
+ emulate_getrandom_buf (auth, len);
+}
+
+#endif /* !defined(HAVE_ARC4RANDOM_BUF) */
+
+/*
+ * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by
+ * the SI. It is not part of standard ICElib.
+ */
+
+
+char *
+IceGenerateMagicCookie (
+ int len
+)
+{
+ char *auth;
+
+ if ((auth = malloc (len + 1)) == NULL)
+ return (NULL);
+
+ arc4random_buf (auth, len);
+
auth[len] = '\0';
return (auth);
}
--
2.9.3

31
0002-_IceRead-Avoid-possible-use-after-free.patch
View File

@ -1,31 +0,0 @@
From 32a9acc48463931e598188e3277c88925a48d7b5 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Wed, 10 Apr 2019 11:15:11 +0200
Subject: [PATCH libICE 2/3] _IceRead: Avoid possible use-after-free
`_IceRead()` gets called from multiple places which do not expect the
connection to be freed.
Do not free the connection data in `_IceRead()` to avoid potential
use-after-free issue in the various callers.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
---
src/misc.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/misc.c b/src/misc.c
index d2e9150..54b179d 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -242,7 +242,6 @@ _IceRead (
*/
_IceConnectionClosed (iceConn); /* invoke watch procs */
- _IceFreeConnection (iceConn);
return (0);
}
--
2.21.0

42
0003-cleanup-Separate-variable-assignment-and-test.patch
View File

@ -1,42 +0,0 @@
From c4fcd360d060d50673a4a35ed39c4fe7e4bc3561 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Thu, 11 Apr 2019 09:05:15 +0200
Subject: [PATCH libICE 3/3] cleanup: Separate variable assignment and test
Assigning and testing a value in a single statement hinders code clarity
and may confuses static code analyzers.
Separate the assignment and the test for clarity.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
---
src/process.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/process.c b/src/process.c
index f0c3369..e3e0a35 100644
--- a/src/process.c
+++ b/src/process.c
@@ -919,7 +919,8 @@ ProcessConnectionSetup (
EXTRACT_STRING (pData, swap, vendor);
EXTRACT_STRING (pData, swap, release);
- if ((hisAuthCount = message->authCount) > 0)
+ hisAuthCount = message->authCount;
+ if (hisAuthCount > 0)
{
hisAuthNames = malloc (hisAuthCount * sizeof (char *));
EXTRACT_LISTOF_STRING (pData, swap, hisAuthCount, hisAuthNames);
@@ -1965,7 +1966,8 @@ ProcessProtocolSetup (
EXTRACT_STRING (pData, swap, vendor);
EXTRACT_STRING (pData, swap, release);
- if ((hisAuthCount = message->authCount) > 0)
+ hisAuthCount = message->authCount;
+ if (hisAuthCount > 0)
{
hisAuthNames = malloc (hisAuthCount * sizeof (char *));
EXTRACT_LISTOF_STRING (pData, swap, hisAuthCount, hisAuthNames);
--
2.21.0

2
gating.yaml
View File

@ -1,6 +1,6 @@
--- !Policy
product_versions:
- rhel-8
- rhel-10
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: desktop-qe.desktop-ci.tier1-gating.functional}

85
libICE.spec
View File

@ -1,21 +1,17 @@
Summary: X.Org X11 ICE runtime library
Name: libICE
Version: 1.0.9
Release: 15%{?dist}
License: MIT
Group: System Environment/Libraries
Version: 1.1.1
Release: 4%{?dist}
License: MIT-open-group
URL: http://www.x.org
Source0: https://www.x.org/pub/individual/lib/%{name}-%{version}.tar.bz2
Source0: https://www.x.org/pub/individual/lib/%{name}-%{version}.tar.xz
Patch0: 0001-Use-getentropy-if-arc4random_buf-is-not-available.patch
Patch1: 0002-Add-getentropy-emulation-through-syscall.patch
Patch2: 0001-IceListenForWellKnownConnections-Fix-memleak.patch
Patch3: 0002-_IceRead-Avoid-possible-use-after-free.patch
Patch4: 0003-cleanup-Separate-variable-assignment-and-test.patch
# Needed for pre-glibc-2.25, which at this point would mean RHEL7 but not 8
# Patch1: 0002-Add-getentropy-emulation-through-syscall.patch
BuildRequires: xorg-x11-util-macros
BuildRequires: autoconf automake libtool
BuildRequires: autoconf automake libtool make
BuildRequires: pkgconfig
BuildRequires: xorg-x11-proto-devel
BuildRequires: xorg-x11-xtrans-devel >= 1.0.3-5
@ -25,7 +21,6 @@ The X.Org X11 ICE (Inter-Client Exchange) runtime library.
%package devel
Summary: X.Org X11 ICE development package
Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel
@ -33,12 +28,7 @@ The X.Org X11 ICE (Inter-Client Exchange) development package.
%prep
%setup -q
%patch0 -p1 -b .cve-2017-2626
%patch1 -p1 -b .cve-2017-2626
%patch2 -p1 -b .IceListenForWellKnownConnections-memleak
%patch3 -p1 -b .IceRead-use-after-free
%patch4 -p1 -b .var-assignment-and-test
#patch1 -p1 -b .cve-2017-2626
%build
autoreconf -v --install --force
@ -78,11 +68,62 @@ done
%{_libdir}/pkgconfig/ice.pc
%changelog
* Tue Jun 4 2019 Olivier Fourdan <ofourdan@redhat.com> - 1.0.9-15
- Bump version for gating
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.1.1-4
- Bump release for June 2024 mass rebuild
* Thu Apr 11 2019 Olivier Fourdan <ofourdan@redhat.com> - 1.0.9-14
- covscan issues (rhbz#1602581)
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Oct 05 2023 José Expósito <jexposit@redhat.com> - 1.1.1-1
- libICE 1.1.1
* Wed Sep 06 2023 Benjamin Tissoires <benjamin.tissoires@redhat.com> - 1.0.10-12
- SPDX migration
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.10-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.10-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.10-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.10-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.10-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.10-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Dec 01 2020 Peter Hutterer <peter.hutterer@redhat.com> 1.0.10-5
- Add make to BuildRequires
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.10-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.10-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Jul 16 2019 Adam Jackson <ajax@redhat.com> - 1.0.10-1
- libICE 1.0.10
* Thu Mar 21 2019 Adam Jackson <ajax@redhat.com> - 1.0.9-16
- Rebuild for xtrans 1.4.0
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.9-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.9-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Jun 29 2018 Adam Jackson <ajax@redhat.com> - 1.0.9-13
- Use ldconfig scriptlet macros

4
rpminspect.yaml Normal file
View File

@ -0,0 +1,4 @@
badfuncs:
allowed:
/usr/lib*/libICE.so.*:
- gethostbyaddr

2
sources
View File

@ -1 +1 @@
SHA512 (libICE-1.0.9.tar.bz2) = daa8126ee5279c08f801274a2754132762dea2a40f4733c4b0bf8e8bdad61cba826939a2e067beb3524e256a98a2b83f23c8d4643f3e75a284ab02cc73da41b7
SHA512 (libICE-1.1.1.tar.xz) = 2f7833a25f31cc743ca95cb88f9a8403b50e19ffb5bf43bfef87ba405857d359789daaa9ec2391351237d958f16d35dbf082adb76d301e46d3a54162a6b452d3