aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-graphics
diff options
context:
space:
mode:
authorChangqing Li <changqing.li@windriver.com>2018-08-27 10:17:30 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-09-06 23:43:34 +0100
commit890093056ccff294364cc768bd797cb54fcbcee3 (patch)
treeb98ee821b1ad24b7d8f3f1e4a9b8101aff0ea5ec /meta/recipes-graphics
parent734a1bb8944caef1336f3a9cc98ea104d6be1f57 (diff)
downloadopenembedded-core-contrib-890093056ccff294364cc768bd797cb54fcbcee3.tar.gz
libice: patch for CVE-2017-2626
Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-graphics')
-rw-r--r--meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch149
-rw-r--r--meta/recipes-graphics/xorg-lib/libice_1.0.9.bb2
2 files changed, 151 insertions, 0 deletions
diff --git a/meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch b/meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch
new file mode 100644
index 0000000000..20c6dda2e4
--- /dev/null
+++ b/meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch
@@ -0,0 +1,149 @@
+From ff5e59f32255913bb1cdf51441b98c9107ae165b Mon Sep 17 00:00:00 2001
+From: Benjamin Tissoires <benjamin.tissoires@gmail.com>
+Date: Tue, 4 Apr 2017 19:12:53 +0200
+Subject: Use getentropy() if arc4random_buf() is not available
+
+This allows to fix CVE-2017-2626 on Linux platforms without pulling in
+libbsd.
+The libc getentropy() is available since glibc 2.25 but also on OpenBSD.
+For Linux, we need at least a v3.17 kernel. If the recommended
+arc4random_buf() function is not available, emulate it by first trying
+to use getentropy() on a supported glibc and kernel. If the call fails,
+fall back to the current (partly vulnerable) code.
+
+Signed-off-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
+Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
+Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+
+Upstream-Status: Backport[https://cgit.freedesktop.org/xorg/lib/libICE
+ /commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b]
+
+CVE: CVE-2017-2626
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ configure.ac | 2 +-
+ src/iceauth.c | 65 ++++++++++++++++++++++++++++++++++++++++++-----------------
+ 2 files changed, 47 insertions(+), 20 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 458882a..c971ab6 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -38,7 +38,7 @@ AC_DEFINE(ICE_t, 1, [Xtrans transport type])
+
+ # Checks for library functions.
+ AC_CHECK_LIB([bsd], [arc4random_buf])
+-AC_CHECK_FUNCS([asprintf arc4random_buf])
++AC_CHECK_FUNCS([asprintf arc4random_buf getentropy])
+
+ # Allow checking code with lint, sparse, etc.
+ XORG_WITH_LINT
+diff --git a/src/iceauth.c b/src/iceauth.c
+index ed31683..de4785b 100644
+--- a/src/iceauth.c
++++ b/src/iceauth.c
+@@ -44,31 +44,19 @@ Author: Ralph Mor, X Consortium
+
+ static int was_called_state;
+
+-/*
+- * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by
+- * the SI. It is not part of standard ICElib.
+- */
++#ifndef HAVE_ARC4RANDOM_BUF
+
+-
+-char *
+-IceGenerateMagicCookie (
++static void
++emulate_getrandom_buf (
++ char *auth,
+ int len
+ )
+ {
+- char *auth;
+-#ifndef HAVE_ARC4RANDOM_BUF
+ long ldata[2];
+ int seed;
+ int value;
+ int i;
+-#endif
+
+- if ((auth = malloc (len + 1)) == NULL)
+- return (NULL);
+-
+-#ifdef HAVE_ARC4RANDOM_BUF
+- arc4random_buf(auth, len);
+-#else
+ #ifdef ITIMER_REAL
+ {
+ struct timeval now;
+@@ -76,13 +64,13 @@ IceGenerateMagicCookie (
+ ldata[0] = now.tv_sec;
+ ldata[1] = now.tv_usec;
+ }
+-#else
++#else /* ITIMER_REAL */
+ {
+ long time ();
+ ldata[0] = time ((long *) 0);
+ ldata[1] = getpid ();
+ }
+-#endif
++#endif /* ITIMER_REAL */
+ seed = (ldata[0]) + (ldata[1] << 16);
+ srand (seed);
+ for (i = 0; i < len; i++)
+@@ -90,7 +78,46 @@ IceGenerateMagicCookie (
+ value = rand ();
+ auth[i] = value & 0xff;
+ }
+-#endif
++}
++
++static void
++arc4random_buf (
++ char *auth,
++ int len
++)
++{
++ int ret;
++
++#if HAVE_GETENTROPY
++ /* weak emulation of arc4random through the entropy libc */
++ ret = getentropy (auth, len);
++ if (ret == 0)
++ return;
++#endif /* HAVE_GETENTROPY */
++
++ emulate_getrandom_buf (auth, len);
++}
++
++#endif /* !defined(HAVE_ARC4RANDOM_BUF) */
++
++/*
++ * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by
++ * the SI. It is not part of standard ICElib.
++ */
++
++
++char *
++IceGenerateMagicCookie (
++ int len
++)
++{
++ char *auth;
++
++ if ((auth = malloc (len + 1)) == NULL)
++ return (NULL);
++
++ arc4random_buf (auth, len);
++
+ auth[len] = '\0';
+ return (auth);
+ }
+--
+cgit v1.1
+
diff --git a/meta/recipes-graphics/xorg-lib/libice_1.0.9.bb b/meta/recipes-graphics/xorg-lib/libice_1.0.9.bb
index 0337d21189..999434ee55 100644
--- a/meta/recipes-graphics/xorg-lib/libice_1.0.9.bb
+++ b/meta/recipes-graphics/xorg-lib/libice_1.0.9.bb
@@ -23,6 +23,8 @@ BBCLASSEXTEND = "native"
SRC_URI[md5sum] = "addfb1e897ca8079531669c7c7711726"
SRC_URI[sha256sum] = "8f7032f2c1c64352b5423f6b48a8ebdc339cc63064af34d66a6c9aa79759e202"
+SRC_URI += "file://CVE-2017-2626.patch"
+
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
PACKAGECONFIG[arc4] = "ac_cv_lib_bsd_arc4random_buf=yes,ac_cv_lib_bsd_arc4random_buf=no,libbsd"
PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"