libice:upgrade 1.0.9 -> 1.0.10

-Upgrade from libice_1.0.9.bb to libice_1.0.10.bb. -libice/CVE-2017-2626.patch Removed since this is included in 1.0.10. (From OE-Core rev: d3581b5d5562604ba31fc2b10873b3b0c9bf75fc) Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> 2019-07-18 11:12:23 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-07-19 08:41:40 +0100
commit: 49c90ce762303332d752e72ce5f3198bed6dd724 (patch)
tree: c499ee625d84b5682d0cd8d7e96e9ae692a40b27 /meta
parent: 3ef6ecd0d7e3c9b92bd6b558fed26f7d9e509036 (diff)
download: poky-49c90ce762303332d752e72ce5f3198bed6dd724.tar.gz
2 files changed, 2 insertions, 153 deletions
diff --git a/meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch b/meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch
deleted file mode 100644
index 20c6dda2e4..0000000000
--- a/meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch
+++ /dev/null
@@ -1,149 +0,0 @@
-From ff5e59f32255913bb1cdf51441b98c9107ae165b Mon Sep 17 00:00:00 2001
-From: Benjamin Tissoires <benjamin.tissoires@gmail.com>
-Date: Tue, 4 Apr 2017 19:12:53 +0200
-Subject: Use getentropy() if arc4random_buf() is not available
-This allows to fix CVE-2017-2626 on Linux platforms without pulling in
-libbsd.
-The libc getentropy() is available since glibc 2.25 but also on OpenBSD.
-For Linux, we need at least a v3.17 kernel. If the recommended
-arc4random_buf() function is not available, emulate it by first trying
-to use getentropy() on a supported glibc and kernel. If the call fails,
-fall back to the current (partly vulnerable) code.
-Signed-off-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
-Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
-Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
-Upstream-Status: Backport[https://cgit.freedesktop.org/xorg/lib/libICE
-                 /commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b]
-CVE: CVE-2017-2626
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
- configure.ac  |  2 +-
- src/iceauth.c | 65 ++++++++++++++++++++++++++++++++++++++++++-----------------
- 2 files changed, 47 insertions(+), 20 deletions(-)
-diff --git a/configure.ac b/configure.ac
-index 458882a..c971ab6 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -38,7 +38,7 @@ AC_DEFINE(ICE_t, 1, [Xtrans transport type])
- 
- # Checks for library functions.
- AC_CHECK_LIB([bsd], [arc4random_buf])
-AC_CHECK_FUNCS([asprintf arc4random_buf])
-+AC_CHECK_FUNCS([asprintf arc4random_buf getentropy])
- 
- # Allow checking code with lint, sparse, etc.
- XORG_WITH_LINT
-diff --git a/src/iceauth.c b/src/iceauth.c
-index ed31683..de4785b 100644
--- a/src/iceauth.c
-+++ b/src/iceauth.c
-@@ -44,31 +44,19 @@ Author: Ralph Mor, X Consortium
- 
- static int was_called_state;
- 
-/*
- * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by
- * the SI.  It is not part of standard ICElib.
- */
-+#ifndef HAVE_ARC4RANDOM_BUF
- 
-
-char *
-IceGenerateMagicCookie (
-+static void
-+emulate_getrandom_buf (
-+       char *auth,
-        int len
- )
- {
-    char    *auth;
-#ifndef HAVE_ARC4RANDOM_BUF
-     long    ldata[2];
-     int            seed;
-     int            value;
-     int            i;
-#endif
- 
-    if ((auth = malloc (len + 1)) == NULL)
-       return (NULL);
-
-#ifdef HAVE_ARC4RANDOM_BUF
-    arc4random_buf(auth, len);
-#else
- #ifdef ITIMER_REAL
-     {
-        struct timeval  now;
-@@ -76,13 +64,13 @@ IceGenerateMagicCookie (
-        ldata[0] = now.tv_sec;
-        ldata[1] = now.tv_usec;
-     }
-#else
-+#else /* ITIMER_REAL */
-     {
-        long    time ();
-        ldata[0] = time ((long *) 0);
-        ldata[1] = getpid ();
-     }
-#endif
-+#endif /* ITIMER_REAL */
-     seed = (ldata[0]) + (ldata[1] << 16);
-     srand (seed);
-     for (i = 0; i < len; i++)
-@@ -90,7 +78,46 @@ IceGenerateMagicCookie (
-        value = rand ();
-        auth[i] = value & 0xff;
-     }
-#endif
-+}
-+
-+static void
-+arc4random_buf (
-+       char *auth,
-+       int len
-+)
-+{
-+    int            ret;
-+
-+#if HAVE_GETENTROPY
-+    /* weak emulation of arc4random through the entropy libc */
-+    ret = getentropy (auth, len);
-+    if (ret == 0)
-+       return;
-+#endif /* HAVE_GETENTROPY */
-+
-+    emulate_getrandom_buf (auth, len);
-+}
-+
-+#endif /* !defined(HAVE_ARC4RANDOM_BUF) */
-+
-+/*
-+ * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by
-+ * the SI.  It is not part of standard ICElib.
-+ */
-+
-+
-+char *
-+IceGenerateMagicCookie (
-+       int len
-+)
-+{
-+    char    *auth;
-+
-+    if ((auth = malloc (len + 1)) == NULL)
-+       return (NULL);
-+
-+    arc4random_buf (auth, len);
-+
-     auth[len] = '\0';
-     return (auth);
- }
-- 
-cgit v1.1
diff --git a/meta/recipes-graphics/xorg-lib/libice_1.0.9.bb b/meta/recipes-graphics/xorg-lib/libice_1.0.10.bb
index c1b19138fb..6a6316f320 100644
--- a/meta/recipes-graphics/xorg-lib/libice_1.0.9.bb
+++ b/meta/recipes-graphics/xorg-lib/libice_1.0.10.bb
@@ -20,10 +20,8 @@ XORG_PN = "libICE"
 BBCLASSEXTEND = "native nativesdk"
-SRC_URI[md5sum] = "addfb1e897ca8079531669c7c7711726"
+SRC_URI[md5sum] = "76d77499ee7120a56566891ca2c0dbcf"
-SRC_URI[sha256sum] = "8f7032f2c1c64352b5423f6b48a8ebdc339cc63064af34d66a6c9aa79759e202"
+SRC_URI[sha256sum] = "6f86dce12cf4bcaf5c37dddd8b1b64ed2ddf1ef7b218f22b9942595fb747c348"
-SRC_URI += "file://CVE-2017-2626.patch"
 PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
 PACKAGECONFIG[arc4] = "ac_cv_lib_bsd_arc4random_buf=yes,ac_cv_lib_bsd_arc4random_buf=no,libbsd"
author	Zang Ruochen <zangrc.fnst@cn.fujitsu.com>	2019-07-18 11:12:23 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-19 08:41:40 +0100
commit	49c90ce762303332d752e72ce5f3198bed6dd724 (patch)
tree	c499ee625d84b5682d0cd8d7e96e9ae692a40b27 /meta
parent	3ef6ecd0d7e3c9b92bd6b558fed26f7d9e509036 (diff)
download	poky-49c90ce762303332d752e72ce5f3198bed6dd724.tar.gz

diff --git a/meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch b/meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch deleted file mode 100644 index 20c6dda2e4..0000000000 --- a/meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch +++ /dev/null
@@ -1,149 +0,0 @@
1	From ff5e59f32255913bb1cdf51441b98c9107ae165b Mon Sep 17 00:00:00 2001
2	From: Benjamin Tissoires <benjamin.tissoires@gmail.com>
3	Date: Tue, 4 Apr 2017 19:12:53 +0200
4	Subject: Use getentropy() if arc4random_buf() is not available
5
6	This allows to fix CVE-2017-2626 on Linux platforms without pulling in
7	libbsd.
8	The libc getentropy() is available since glibc 2.25 but also on OpenBSD.
9	For Linux, we need at least a v3.17 kernel. If the recommended
10	arc4random_buf() function is not available, emulate it by first trying
11	to use getentropy() on a supported glibc and kernel. If the call fails,
12	fall back to the current (partly vulnerable) code.
13
14	Signed-off-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
15	Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
16	Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
17	Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
18
19	Upstream-Status: Backport[https://cgit.freedesktop.org/xorg/lib/libICE
20	/commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b]
21
22	CVE: CVE-2017-2626
23
24	Signed-off-by: Changqing Li <changqing.li@windriver.com>
25	---
26	configure.ac \| 2 +-
27	src/iceauth.c \| 65 ++++++++++++++++++++++++++++++++++++++++++-----------------
28	2 files changed, 47 insertions(+), 20 deletions(-)
29
30	diff --git a/configure.ac b/configure.ac
31	index 458882a..c971ab6 100644
32	--- a/configure.ac
33	+++ b/configure.ac
34	@@ -38,7 +38,7 @@ AC_DEFINE(ICE_t, 1, [Xtrans transport type])
35
36	# Checks for library functions.
37	AC_CHECK_LIB([bsd], [arc4random_buf])
38	-AC_CHECK_FUNCS([asprintf arc4random_buf])
39	+AC_CHECK_FUNCS([asprintf arc4random_buf getentropy])
40
41	# Allow checking code with lint, sparse, etc.
42	XORG_WITH_LINT
43	diff --git a/src/iceauth.c b/src/iceauth.c
44	index ed31683..de4785b 100644
45	--- a/src/iceauth.c
46	+++ b/src/iceauth.c
47	@@ -44,31 +44,19 @@ Author: Ralph Mor, X Consortium
48
49	static int was_called_state;
50
51	-/*
52	- * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by
53	- * the SI. It is not part of standard ICElib.
54	- */
55	+#ifndef HAVE_ARC4RANDOM_BUF
56
57	-
58	-char *
59	-IceGenerateMagicCookie (
60	+static void
61	+emulate_getrandom_buf (
62	+ char *auth,
63	int len
64	)
65	{
66	- char *auth;
67	-#ifndef HAVE_ARC4RANDOM_BUF
68	long ldata[2];
69	int seed;
70	int value;
71	int i;
72	-#endif
73
74	- if ((auth = malloc (len + 1)) == NULL)
75	- return (NULL);
76	-
77	-#ifdef HAVE_ARC4RANDOM_BUF
78	- arc4random_buf(auth, len);
79	-#else
80	#ifdef ITIMER_REAL
81	{
82	struct timeval now;
83	@@ -76,13 +64,13 @@ IceGenerateMagicCookie (
84	ldata[0] = now.tv_sec;
85	ldata[1] = now.tv_usec;
86	}
87	-#else
88	+#else /* ITIMER_REAL */
89	{
90	long time ();
91	ldata[0] = time ((long *) 0);
92	ldata[1] = getpid ();
93	}
94	-#endif
95	+#endif /* ITIMER_REAL */
96	seed = (ldata[0]) + (ldata[1] << 16);
97	srand (seed);
98	for (i = 0; i < len; i++)
99	@@ -90,7 +78,46 @@ IceGenerateMagicCookie (
100	value = rand ();
101	auth[i] = value & 0xff;
102	}
103	-#endif
104	+}
105	+
106	+static void
107	+arc4random_buf (
108	+ char *auth,
109	+ int len
110	+)
111	+{
112	+ int ret;
113	+
114	+#if HAVE_GETENTROPY
115	+ /* weak emulation of arc4random through the entropy libc */
116	+ ret = getentropy (auth, len);
117	+ if (ret == 0)
118	+ return;
119	+#endif /* HAVE_GETENTROPY */
120	+
121	+ emulate_getrandom_buf (auth, len);
122	+}
123	+
124	+#endif /* !defined(HAVE_ARC4RANDOM_BUF) */
125	+
126	+/*
127	+ * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by
128	+ * the SI. It is not part of standard ICElib.
129	+ */
130	+
131	+
132	+char *
133	+IceGenerateMagicCookie (
134	+ int len
135	+)
136	+{
137	+ char *auth;
138	+
139	+ if ((auth = malloc (len + 1)) == NULL)
140	+ return (NULL);
141	+
142	+ arc4random_buf (auth, len);
143	+
144	auth[len] = '\0';
145	return (auth);
146	}
147	--
148	cgit v1.1
149


diff --git a/meta/recipes-graphics/xorg-lib/libice_1.0.9.bb b/meta/recipes-graphics/xorg-lib/libice_1.0.10.bb index c1b19138fb..6a6316f320 100644 --- a/meta/recipes-graphics/xorg-lib/libice_1.0.9.bb +++ b/meta/recipes-graphics/xorg-lib/libice_1.0.10.bb
@@ -20,10 +20,8 @@ XORG_PN = "libICE"
20		20
21	BBCLASSEXTEND = "native nativesdk"	21	BBCLASSEXTEND = "native nativesdk"
22		22
23	SRC_URI[md5sum] = "addfb1e897ca8079531669c7c7711726"	23	SRC_URI[md5sum] = "76d77499ee7120a56566891ca2c0dbcf"
24	SRC_URI[sha256sum] = "8f7032f2c1c64352b5423f6b48a8ebdc339cc63064af34d66a6c9aa79759e202"	24	SRC_URI[sha256sum] = "6f86dce12cf4bcaf5c37dddd8b1b64ed2ddf1ef7b218f22b9942595fb747c348"
25
26	SRC_URI += "file://CVE-2017-2626.patch"
27		25
28	PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"	26	PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
29	PACKAGECONFIG[arc4] = "ac_cv_lib_bsd_arc4random_buf=yes,ac_cv_lib_bsd_arc4random_buf=no,libbsd"	27	PACKAGECONFIG[arc4] = "ac_cv_lib_bsd_arc4random_buf=yes,ac_cv_lib_bsd_arc4random_buf=no,libbsd"