summaryrefslogtreecommitdiffstats
path: root/meta/recipes-graphics
diff options
context:
space:
mode:
authorZang Ruochen <zangrc.fnst@cn.fujitsu.com>2019-07-18 11:12:23 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2019-07-19 08:41:40 +0100
commit49c90ce762303332d752e72ce5f3198bed6dd724 (patch)
treec499ee625d84b5682d0cd8d7e96e9ae692a40b27 /meta/recipes-graphics
parent3ef6ecd0d7e3c9b92bd6b558fed26f7d9e509036 (diff)
downloadpoky-49c90ce762303332d752e72ce5f3198bed6dd724.tar.gz
libice:upgrade 1.0.9 -> 1.0.10
-Upgrade from libice_1.0.9.bb to libice_1.0.10.bb. -libice/CVE-2017-2626.patch Removed since this is included in 1.0.10. (From OE-Core rev: d3581b5d5562604ba31fc2b10873b3b0c9bf75fc) Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-graphics')
-rw-r--r--meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch149
-rw-r--r--meta/recipes-graphics/xorg-lib/libice_1.0.10.bb (renamed from meta/recipes-graphics/xorg-lib/libice_1.0.9.bb)6
2 files changed, 2 insertions, 153 deletions
diff --git a/meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch b/meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch
deleted file mode 100644
index 20c6dda2e4..0000000000
--- a/meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch
+++ /dev/null
@@ -1,149 +0,0 @@
1From ff5e59f32255913bb1cdf51441b98c9107ae165b Mon Sep 17 00:00:00 2001
2From: Benjamin Tissoires <benjamin.tissoires@gmail.com>
3Date: Tue, 4 Apr 2017 19:12:53 +0200
4Subject: Use getentropy() if arc4random_buf() is not available
5
6This allows to fix CVE-2017-2626 on Linux platforms without pulling in
7libbsd.
8The libc getentropy() is available since glibc 2.25 but also on OpenBSD.
9For Linux, we need at least a v3.17 kernel. If the recommended
10arc4random_buf() function is not available, emulate it by first trying
11to use getentropy() on a supported glibc and kernel. If the call fails,
12fall back to the current (partly vulnerable) code.
13
14Signed-off-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
15Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
16Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
17Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
18
19Upstream-Status: Backport[https://cgit.freedesktop.org/xorg/lib/libICE
20 /commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b]
21
22CVE: CVE-2017-2626
23
24Signed-off-by: Changqing Li <changqing.li@windriver.com>
25---
26 configure.ac | 2 +-
27 src/iceauth.c | 65 ++++++++++++++++++++++++++++++++++++++++++-----------------
28 2 files changed, 47 insertions(+), 20 deletions(-)
29
30diff --git a/configure.ac b/configure.ac
31index 458882a..c971ab6 100644
32--- a/configure.ac
33+++ b/configure.ac
34@@ -38,7 +38,7 @@ AC_DEFINE(ICE_t, 1, [Xtrans transport type])
35
36 # Checks for library functions.
37 AC_CHECK_LIB([bsd], [arc4random_buf])
38-AC_CHECK_FUNCS([asprintf arc4random_buf])
39+AC_CHECK_FUNCS([asprintf arc4random_buf getentropy])
40
41 # Allow checking code with lint, sparse, etc.
42 XORG_WITH_LINT
43diff --git a/src/iceauth.c b/src/iceauth.c
44index ed31683..de4785b 100644
45--- a/src/iceauth.c
46+++ b/src/iceauth.c
47@@ -44,31 +44,19 @@ Author: Ralph Mor, X Consortium
48
49 static int was_called_state;
50
51-/*
52- * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by
53- * the SI. It is not part of standard ICElib.
54- */
55+#ifndef HAVE_ARC4RANDOM_BUF
56
57-
58-char *
59-IceGenerateMagicCookie (
60+static void
61+emulate_getrandom_buf (
62+ char *auth,
63 int len
64 )
65 {
66- char *auth;
67-#ifndef HAVE_ARC4RANDOM_BUF
68 long ldata[2];
69 int seed;
70 int value;
71 int i;
72-#endif
73
74- if ((auth = malloc (len + 1)) == NULL)
75- return (NULL);
76-
77-#ifdef HAVE_ARC4RANDOM_BUF
78- arc4random_buf(auth, len);
79-#else
80 #ifdef ITIMER_REAL
81 {
82 struct timeval now;
83@@ -76,13 +64,13 @@ IceGenerateMagicCookie (
84 ldata[0] = now.tv_sec;
85 ldata[1] = now.tv_usec;
86 }
87-#else
88+#else /* ITIMER_REAL */
89 {
90 long time ();
91 ldata[0] = time ((long *) 0);
92 ldata[1] = getpid ();
93 }
94-#endif
95+#endif /* ITIMER_REAL */
96 seed = (ldata[0]) + (ldata[1] << 16);
97 srand (seed);
98 for (i = 0; i < len; i++)
99@@ -90,7 +78,46 @@ IceGenerateMagicCookie (
100 value = rand ();
101 auth[i] = value & 0xff;
102 }
103-#endif
104+}
105+
106+static void
107+arc4random_buf (
108+ char *auth,
109+ int len
110+)
111+{
112+ int ret;
113+
114+#if HAVE_GETENTROPY
115+ /* weak emulation of arc4random through the entropy libc */
116+ ret = getentropy (auth, len);
117+ if (ret == 0)
118+ return;
119+#endif /* HAVE_GETENTROPY */
120+
121+ emulate_getrandom_buf (auth, len);
122+}
123+
124+#endif /* !defined(HAVE_ARC4RANDOM_BUF) */
125+
126+/*
127+ * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by
128+ * the SI. It is not part of standard ICElib.
129+ */
130+
131+
132+char *
133+IceGenerateMagicCookie (
134+ int len
135+)
136+{
137+ char *auth;
138+
139+ if ((auth = malloc (len + 1)) == NULL)
140+ return (NULL);
141+
142+ arc4random_buf (auth, len);
143+
144 auth[len] = '\0';
145 return (auth);
146 }
147--
148cgit v1.1
149
diff --git a/meta/recipes-graphics/xorg-lib/libice_1.0.9.bb b/meta/recipes-graphics/xorg-lib/libice_1.0.10.bb
index c1b19138fb..6a6316f320 100644
--- a/meta/recipes-graphics/xorg-lib/libice_1.0.9.bb
+++ b/meta/recipes-graphics/xorg-lib/libice_1.0.10.bb
@@ -20,10 +20,8 @@ XORG_PN = "libICE"
20 20
21BBCLASSEXTEND = "native nativesdk" 21BBCLASSEXTEND = "native nativesdk"
22 22
23SRC_URI[md5sum] = "addfb1e897ca8079531669c7c7711726" 23SRC_URI[md5sum] = "76d77499ee7120a56566891ca2c0dbcf"
24SRC_URI[sha256sum] = "8f7032f2c1c64352b5423f6b48a8ebdc339cc63064af34d66a6c9aa79759e202" 24SRC_URI[sha256sum] = "6f86dce12cf4bcaf5c37dddd8b1b64ed2ddf1ef7b218f22b9942595fb747c348"
25
26SRC_URI += "file://CVE-2017-2626.patch"
27 25
28PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" 26PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
29PACKAGECONFIG[arc4] = "ac_cv_lib_bsd_arc4random_buf=yes,ac_cv_lib_bsd_arc4random_buf=no,libbsd" 27PACKAGECONFIG[arc4] = "ac_cv_lib_bsd_arc4random_buf=yes,ac_cv_lib_bsd_arc4random_buf=no,libbsd"