2 files changed, 151 insertions, 0 deletions
diff --git a/meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch b/meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch
new file mode 100644
index 0000000000..20c6dda2e4
--- /dev/null
+++ b/meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch
@@ -0,0 +1,149 @@
+From ff5e59f32255913bb1cdf51441b98c9107ae165b Mon Sep 17 00:00:00 2001
+From: Benjamin Tissoires <benjamin.tissoires@gmail.com>
+Date: Tue, 4 Apr 2017 19:12:53 +0200
+Subject: Use getentropy() if arc4random_buf() is not available
+This allows to fix CVE-2017-2626 on Linux platforms without pulling in
+libbsd.
+The libc getentropy() is available since glibc 2.25 but also on OpenBSD.
+For Linux, we need at least a v3.17 kernel. If the recommended
+arc4random_buf() function is not available, emulate it by first trying
+to use getentropy() on a supported glibc and kernel. If the call fails,
+fall back to the current (partly vulnerable) code.
+Signed-off-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
+Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
+Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+Upstream-Status: Backport[https://cgit.freedesktop.org/xorg/lib/libICE
+                 /commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b]
+CVE: CVE-2017-2626
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ configure.ac  |  2 +-
+ src/iceauth.c | 65 ++++++++++++++++++++++++++++++++++++++++++-----------------
+ 2 files changed, 47 insertions(+), 20 deletions(-)
+diff --git a/configure.ac b/configure.ac
+index 458882a..c971ab6 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -38,7 +38,7 @@ AC_DEFINE(ICE_t, 1, [Xtrans transport type])
+ 
+ # Checks for library functions.
+ AC_CHECK_LIB([bsd], [arc4random_buf])
+-AC_CHECK_FUNCS([asprintf arc4random_buf])
+AC_CHECK_FUNCS([asprintf arc4random_buf getentropy])
+ 
+ # Allow checking code with lint, sparse, etc.
+ XORG_WITH_LINT
+diff --git a/src/iceauth.c b/src/iceauth.c
+index ed31683..de4785b 100644
+--- a/src/iceauth.c
+++ b/src/iceauth.c
+@@ -44,31 +44,19 @@ Author: Ralph Mor, X Consortium
+ 
+ static int was_called_state;
+ 
+-/*
+- * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by
+- * the SI.  It is not part of standard ICElib.
+- */
+#ifndef HAVE_ARC4RANDOM_BUF
+ 
+-
+-char *
+-IceGenerateMagicCookie (
+static void
+emulate_getrandom_buf (
+       char *auth,
+        int len
+ )
+ {
+-    char    *auth;
+-#ifndef HAVE_ARC4RANDOM_BUF
+     long    ldata[2];
+     int            seed;
+     int            value;
+     int            i;
+-#endif
+ 
+-    if ((auth = malloc (len + 1)) == NULL)
+-       return (NULL);
+-
+-#ifdef HAVE_ARC4RANDOM_BUF
+-    arc4random_buf(auth, len);
+-#else
+ #ifdef ITIMER_REAL
+     {
+        struct timeval  now;
+@@ -76,13 +64,13 @@ IceGenerateMagicCookie (
+        ldata[0] = now.tv_sec;
+        ldata[1] = now.tv_usec;
+     }
+-#else
+#else /* ITIMER_REAL */
+     {
+        long    time ();
+        ldata[0] = time ((long *) 0);
+        ldata[1] = getpid ();
+     }
+-#endif
+#endif /* ITIMER_REAL */
+     seed = (ldata[0]) + (ldata[1] << 16);
+     srand (seed);
+     for (i = 0; i < len; i++)
+@@ -90,7 +78,46 @@ IceGenerateMagicCookie (
+        value = rand ();
+        auth[i] = value & 0xff;
+     }
+-#endif
+}
+
+static void
+arc4random_buf (
+       char *auth,
+       int len
+)
+{
+    int            ret;
+
+#if HAVE_GETENTROPY
+    /* weak emulation of arc4random through the entropy libc */
+    ret = getentropy (auth, len);
+    if (ret == 0)
+       return;
+#endif /* HAVE_GETENTROPY */
+
+    emulate_getrandom_buf (auth, len);
+}
+
+#endif /* !defined(HAVE_ARC4RANDOM_BUF) */
+
+/*
+ * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by
+ * the SI.  It is not part of standard ICElib.
+ */
+
+
+char *
+IceGenerateMagicCookie (
+       int len
+)
+{
+    char    *auth;
+
+    if ((auth = malloc (len + 1)) == NULL)
+       return (NULL);
+
+    arc4random_buf (auth, len);
+
+     auth[len] = '\0';
+     return (auth);
+ }
+-- 
+cgit v1.1
diff --git a/meta/recipes-graphics/xorg-lib/libice_1.0.9.bb b/meta/recipes-graphics/xorg-lib/libice_1.0.9.bb
index f069749ce0..5ccd1d8c36 100644
--- a/meta/recipes-graphics/xorg-lib/libice_1.0.9.bb
+++ b/meta/recipes-graphics/xorg-lib/libice_1.0.9.bb
@@ -23,6 +23,8 @@ BBCLASSEXTEND = "native"
 SRC_URI[md5sum] = "addfb1e897ca8079531669c7c7711726"
 SRC_URI[sha256sum] = "8f7032f2c1c64352b5423f6b48a8ebdc339cc63064af34d66a6c9aa79759e202"
+SRC_URI += "file://CVE-2017-2626.patch"
 PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
 PACKAGECONFIG[arc4] = "ac_cv_lib_bsd_arc4random_buf=yes,ac_cv_lib_bsd_arc4random_buf=no,libbsd"
 PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"

diff --git a/meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch b/meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch new file mode 100644 index 0000000000..20c6dda2e4 --- /dev/null +++ b/meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch
@@ -0,0 +1,149 @@
		1	From ff5e59f32255913bb1cdf51441b98c9107ae165b Mon Sep 17 00:00:00 2001
		2	From: Benjamin Tissoires <benjamin.tissoires@gmail.com>
		3	Date: Tue, 4 Apr 2017 19:12:53 +0200
		4	Subject: Use getentropy() if arc4random_buf() is not available
		5
		6	This allows to fix CVE-2017-2626 on Linux platforms without pulling in
		7	libbsd.
		8	The libc getentropy() is available since glibc 2.25 but also on OpenBSD.
		9	For Linux, we need at least a v3.17 kernel. If the recommended
		10	arc4random_buf() function is not available, emulate it by first trying
		11	to use getentropy() on a supported glibc and kernel. If the call fails,
		12	fall back to the current (partly vulnerable) code.
		13
		14	Signed-off-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
		15	Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
		16	Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
		17	Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
		18
		19	Upstream-Status: Backport[https://cgit.freedesktop.org/xorg/lib/libICE
		20	/commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b]
		21
		22	CVE: CVE-2017-2626
		23
		24	Signed-off-by: Changqing Li <changqing.li@windriver.com>
		25	---
		26	configure.ac \| 2 +-
		27	src/iceauth.c \| 65 ++++++++++++++++++++++++++++++++++++++++++-----------------
		28	2 files changed, 47 insertions(+), 20 deletions(-)
		29
		30	diff --git a/configure.ac b/configure.ac
		31	index 458882a..c971ab6 100644
		32	--- a/configure.ac
		33	+++ b/configure.ac
		34	@@ -38,7 +38,7 @@ AC_DEFINE(ICE_t, 1, [Xtrans transport type])
		35
		36	# Checks for library functions.
		37	AC_CHECK_LIB([bsd], [arc4random_buf])
		38	-AC_CHECK_FUNCS([asprintf arc4random_buf])
		39	+AC_CHECK_FUNCS([asprintf arc4random_buf getentropy])
		40
		41	# Allow checking code with lint, sparse, etc.
		42	XORG_WITH_LINT
		43	diff --git a/src/iceauth.c b/src/iceauth.c
		44	index ed31683..de4785b 100644
		45	--- a/src/iceauth.c
		46	+++ b/src/iceauth.c
		47	@@ -44,31 +44,19 @@ Author: Ralph Mor, X Consortium
		48
		49	static int was_called_state;
		50
		51	-/*
		52	- * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by
		53	- * the SI. It is not part of standard ICElib.
		54	- */
		55	+#ifndef HAVE_ARC4RANDOM_BUF
		56
		57	-
		58	-char *
		59	-IceGenerateMagicCookie (
		60	+static void
		61	+emulate_getrandom_buf (
		62	+ char *auth,
		63	int len
		64	)
		65	{
		66	- char *auth;
		67	-#ifndef HAVE_ARC4RANDOM_BUF
		68	long ldata[2];
		69	int seed;
		70	int value;
		71	int i;
		72	-#endif
		73
		74	- if ((auth = malloc (len + 1)) == NULL)
		75	- return (NULL);
		76	-
		77	-#ifdef HAVE_ARC4RANDOM_BUF
		78	- arc4random_buf(auth, len);
		79	-#else
		80	#ifdef ITIMER_REAL
		81	{
		82	struct timeval now;
		83	@@ -76,13 +64,13 @@ IceGenerateMagicCookie (
		84	ldata[0] = now.tv_sec;
		85	ldata[1] = now.tv_usec;
		86	}
		87	-#else
		88	+#else /* ITIMER_REAL */
		89	{
		90	long time ();
		91	ldata[0] = time ((long *) 0);
		92	ldata[1] = getpid ();
		93	}
		94	-#endif
		95	+#endif /* ITIMER_REAL */
		96	seed = (ldata[0]) + (ldata[1] << 16);
		97	srand (seed);
		98	for (i = 0; i < len; i++)
		99	@@ -90,7 +78,46 @@ IceGenerateMagicCookie (
		100	value = rand ();
		101	auth[i] = value & 0xff;
		102	}
		103	-#endif
		104	+}
		105	+
		106	+static void
		107	+arc4random_buf (
		108	+ char *auth,
		109	+ int len
		110	+)
		111	+{
		112	+ int ret;
		113	+
		114	+#if HAVE_GETENTROPY
		115	+ /* weak emulation of arc4random through the entropy libc */
		116	+ ret = getentropy (auth, len);
		117	+ if (ret == 0)
		118	+ return;
		119	+#endif /* HAVE_GETENTROPY */
		120	+
		121	+ emulate_getrandom_buf (auth, len);
		122	+}
		123	+
		124	+#endif /* !defined(HAVE_ARC4RANDOM_BUF) */
		125	+
		126	+/*
		127	+ * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by
		128	+ * the SI. It is not part of standard ICElib.
		129	+ */
		130	+
		131	+
		132	+char *
		133	+IceGenerateMagicCookie (
		134	+ int len
		135	+)
		136	+{
		137	+ char *auth;
		138	+
		139	+ if ((auth = malloc (len + 1)) == NULL)
		140	+ return (NULL);
		141	+
		142	+ arc4random_buf (auth, len);
		143	+
		144	auth[len] = '\0';
		145	return (auth);
		146	}
		147	--
		148	cgit v1.1
		149


diff --git a/meta/recipes-graphics/xorg-lib/libice_1.0.9.bb b/meta/recipes-graphics/xorg-lib/libice_1.0.9.bb index f069749ce0..5ccd1d8c36 100644 --- a/meta/recipes-graphics/xorg-lib/libice_1.0.9.bb +++ b/meta/recipes-graphics/xorg-lib/libice_1.0.9.bb
@@ -23,6 +23,8 @@ BBCLASSEXTEND = "native"
23	SRC_URI[md5sum] = "addfb1e897ca8079531669c7c7711726"	23	SRC_URI[md5sum] = "addfb1e897ca8079531669c7c7711726"
24	SRC_URI[sha256sum] = "8f7032f2c1c64352b5423f6b48a8ebdc339cc63064af34d66a6c9aa79759e202"	24	SRC_URI[sha256sum] = "8f7032f2c1c64352b5423f6b48a8ebdc339cc63064af34d66a6c9aa79759e202"
25		25
		26	SRC_URI += "file://CVE-2017-2626.patch"
		27
26	PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"	28	PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
27	PACKAGECONFIG[arc4] = "ac_cv_lib_bsd_arc4random_buf=yes,ac_cv_lib_bsd_arc4random_buf=no,libbsd"	29	PACKAGECONFIG[arc4] = "ac_cv_lib_bsd_arc4random_buf=yes,ac_cv_lib_bsd_arc4random_buf=no,libbsd"
28	PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"	30	PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"