From d3581b5d5562604ba31fc2b10873b3b0c9bf75fc Mon Sep 17 00:00:00 2001 From: Zang Ruochen Date: Thu, 18 Jul 2019 11:12:23 +0800 Subject: libice:upgrade 1.0.9 -> 1.0.10 -Upgrade from libice_1.0.9.bb to libice_1.0.10.bb. -libice/CVE-2017-2626.patch Removed since this is included in 1.0.10. Signed-off-by: Zang Ruochen Signed-off-by: Richard Purdie --- .../xorg-lib/libice/CVE-2017-2626.patch | 149 --------------------- meta/recipes-graphics/xorg-lib/libice_1.0.10.bb | 28 ++++ meta/recipes-graphics/xorg-lib/libice_1.0.9.bb | 30 ----- 3 files changed, 28 insertions(+), 179 deletions(-) delete mode 100644 meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch create mode 100644 meta/recipes-graphics/xorg-lib/libice_1.0.10.bb delete mode 100644 meta/recipes-graphics/xorg-lib/libice_1.0.9.bb (limited to 'meta/recipes-graphics') diff --git a/meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch b/meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch deleted file mode 100644 index 20c6dda2e4..0000000000 --- a/meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch +++ /dev/null @@ -1,149 +0,0 @@ -From ff5e59f32255913bb1cdf51441b98c9107ae165b Mon Sep 17 00:00:00 2001 -From: Benjamin Tissoires -Date: Tue, 4 Apr 2017 19:12:53 +0200 -Subject: Use getentropy() if arc4random_buf() is not available - -This allows to fix CVE-2017-2626 on Linux platforms without pulling in -libbsd. -The libc getentropy() is available since glibc 2.25 but also on OpenBSD. -For Linux, we need at least a v3.17 kernel. If the recommended -arc4random_buf() function is not available, emulate it by first trying -to use getentropy() on a supported glibc and kernel. If the call fails, -fall back to the current (partly vulnerable) code. - -Signed-off-by: Benjamin Tissoires -Reviewed-by: Mark Kettenis -Reviewed-by: Alan Coopersmith -Signed-off-by: Peter Hutterer - -Upstream-Status: Backport[https://cgit.freedesktop.org/xorg/lib/libICE - /commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b] - -CVE: CVE-2017-2626 - -Signed-off-by: Changqing Li ---- - configure.ac | 2 +- - src/iceauth.c | 65 ++++++++++++++++++++++++++++++++++++++++++----------------- - 2 files changed, 47 insertions(+), 20 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 458882a..c971ab6 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -38,7 +38,7 @@ AC_DEFINE(ICE_t, 1, [Xtrans transport type]) - - # Checks for library functions. - AC_CHECK_LIB([bsd], [arc4random_buf]) --AC_CHECK_FUNCS([asprintf arc4random_buf]) -+AC_CHECK_FUNCS([asprintf arc4random_buf getentropy]) - - # Allow checking code with lint, sparse, etc. - XORG_WITH_LINT -diff --git a/src/iceauth.c b/src/iceauth.c -index ed31683..de4785b 100644 ---- a/src/iceauth.c -+++ b/src/iceauth.c -@@ -44,31 +44,19 @@ Author: Ralph Mor, X Consortium - - static int was_called_state; - --/* -- * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by -- * the SI. It is not part of standard ICElib. -- */ -+#ifndef HAVE_ARC4RANDOM_BUF - -- --char * --IceGenerateMagicCookie ( -+static void -+emulate_getrandom_buf ( -+ char *auth, - int len - ) - { -- char *auth; --#ifndef HAVE_ARC4RANDOM_BUF - long ldata[2]; - int seed; - int value; - int i; --#endif - -- if ((auth = malloc (len + 1)) == NULL) -- return (NULL); -- --#ifdef HAVE_ARC4RANDOM_BUF -- arc4random_buf(auth, len); --#else - #ifdef ITIMER_REAL - { - struct timeval now; -@@ -76,13 +64,13 @@ IceGenerateMagicCookie ( - ldata[0] = now.tv_sec; - ldata[1] = now.tv_usec; - } --#else -+#else /* ITIMER_REAL */ - { - long time (); - ldata[0] = time ((long *) 0); - ldata[1] = getpid (); - } --#endif -+#endif /* ITIMER_REAL */ - seed = (ldata[0]) + (ldata[1] << 16); - srand (seed); - for (i = 0; i < len; i++) -@@ -90,7 +78,46 @@ IceGenerateMagicCookie ( - value = rand (); - auth[i] = value & 0xff; - } --#endif -+} -+ -+static void -+arc4random_buf ( -+ char *auth, -+ int len -+) -+{ -+ int ret; -+ -+#if HAVE_GETENTROPY -+ /* weak emulation of arc4random through the entropy libc */ -+ ret = getentropy (auth, len); -+ if (ret == 0) -+ return; -+#endif /* HAVE_GETENTROPY */ -+ -+ emulate_getrandom_buf (auth, len); -+} -+ -+#endif /* !defined(HAVE_ARC4RANDOM_BUF) */ -+ -+/* -+ * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by -+ * the SI. It is not part of standard ICElib. -+ */ -+ -+ -+char * -+IceGenerateMagicCookie ( -+ int len -+) -+{ -+ char *auth; -+ -+ if ((auth = malloc (len + 1)) == NULL) -+ return (NULL); -+ -+ arc4random_buf (auth, len); -+ - auth[len] = '\0'; - return (auth); - } --- -cgit v1.1 - diff --git a/meta/recipes-graphics/xorg-lib/libice_1.0.10.bb b/meta/recipes-graphics/xorg-lib/libice_1.0.10.bb new file mode 100644 index 0000000000..6a6316f320 --- /dev/null +++ b/meta/recipes-graphics/xorg-lib/libice_1.0.10.bb @@ -0,0 +1,28 @@ +SUMMARY = "ICE: Inter-Client Exchange library" + +DESCRIPTION = "The Inter-Client Exchange (ICE) protocol provides a \ +generic framework for building protocols on top of reliable, byte-stream \ +transport connections. It provides basic mechanisms for setting up and \ +shutting down connections, for performing authentication, for \ +negotiating versions, and for reporting errors. " + +require xorg-lib-common.inc + +LICENSE = "MIT-style" +LIC_FILES_CHKSUM = "file://COPYING;md5=d162b1b3c6fa812da9d804dcf8584a93" + +DEPENDS += "xorgproto xtrans" +PROVIDES = "ice" + +PE = "1" + +XORG_PN = "libICE" + +BBCLASSEXTEND = "native nativesdk" + +SRC_URI[md5sum] = "76d77499ee7120a56566891ca2c0dbcf" +SRC_URI[sha256sum] = "6f86dce12cf4bcaf5c37dddd8b1b64ed2ddf1ef7b218f22b9942595fb747c348" + +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" +PACKAGECONFIG[arc4] = "ac_cv_lib_bsd_arc4random_buf=yes,ac_cv_lib_bsd_arc4random_buf=no,libbsd" +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," diff --git a/meta/recipes-graphics/xorg-lib/libice_1.0.9.bb b/meta/recipes-graphics/xorg-lib/libice_1.0.9.bb deleted file mode 100644 index c1b19138fb..0000000000 --- a/meta/recipes-graphics/xorg-lib/libice_1.0.9.bb +++ /dev/null @@ -1,30 +0,0 @@ -SUMMARY = "ICE: Inter-Client Exchange library" - -DESCRIPTION = "The Inter-Client Exchange (ICE) protocol provides a \ -generic framework for building protocols on top of reliable, byte-stream \ -transport connections. It provides basic mechanisms for setting up and \ -shutting down connections, for performing authentication, for \ -negotiating versions, and for reporting errors. " - -require xorg-lib-common.inc - -LICENSE = "MIT-style" -LIC_FILES_CHKSUM = "file://COPYING;md5=d162b1b3c6fa812da9d804dcf8584a93" - -DEPENDS += "xorgproto xtrans" -PROVIDES = "ice" - -PE = "1" - -XORG_PN = "libICE" - -BBCLASSEXTEND = "native nativesdk" - -SRC_URI[md5sum] = "addfb1e897ca8079531669c7c7711726" -SRC_URI[sha256sum] = "8f7032f2c1c64352b5423f6b48a8ebdc339cc63064af34d66a6c9aa79759e202" - -SRC_URI += "file://CVE-2017-2626.patch" - -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" -PACKAGECONFIG[arc4] = "ac_cv_lib_bsd_arc4random_buf=yes,ac_cv_lib_bsd_arc4random_buf=no,libbsd" -PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," -- cgit 1.2.3-korg