Hello community, here is the log from the commit of package libICE for openSUSE:Factory checked in at 2019-07-17 14:22:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libICE (Old) and /work/SRC/openSUSE:Factory/.libICE.new.1887 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libICE" Wed Jul 17 14:22:43 2019 rev:10 rq:715444 version:1.0.10 Changes: -------- --- /work/SRC/openSUSE:Factory/libICE/libICE.changes 2017-06-20 10:57:22.509092315 +0200 +++ /work/SRC/openSUSE:Factory/.libICE.new.1887/libICE.changes 2019-07-17 14:22:44.564185821 +0200 @@ -1,0 +2,15 @@ +Mon Jul 15 09:45:31 UTC 2019 - Stefan Dirsch <[email protected]> + +- Update to version 1.0.10 + * This release provides a fix for CVE-2017-2626 for platforms + which don't have arc4random_buf() in their default libraries + but do have getentropy(), such as Linux platforms with a kernel + version of 3.17 or newer and a glibc version of 2.25 or newer. + (libICE 1.0.9 already ensured that arc4random_buf() is used on + platforms that have it to provide sufficient entropy in ICE + key generation, but left other platforms with the weaker methods. + Linux platforms could also have linked against libbsd to use + arc4random_buf() with libICE 1.0.9 for stronger keys.) +- supersedes U_Use-getentropy-if-arc4random_buf-is-not-available.patch + +------------------------------------------------------------------- Old: ---- U_Use-getentropy-if-arc4random_buf-is-not-available.patch libICE-1.0.9.tar.bz2 New: ---- libICE-1.0.10.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libICE.spec ++++++ --- /var/tmp/diff_new_pack.Pkqlhh/_old 2019-07-17 14:22:44.964184731 +0200 +++ /var/tmp/diff_new_pack.Pkqlhh/_new 2019-07-17 14:22:44.968184720 +0200 @@ -1,7 +1,7 @@ # # spec file for package libICE # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,13 +12,13 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: libICE %define lname libICE6 -Version: 1.0.9 +Version: 1.0.10 Release: 0 Summary: X11 Inter-Client Exchange Library License: MIT @@ -29,7 +29,6 @@ #Git-Web: http://cgit.freedesktop.org/xorg/lib/libICE/ Source: http://xorg.freedesktop.org/releases/individual/lib/%{name}-%{version}.tar.bz2 Source1: baselibs.conf -Patch0: U_Use-getentropy-if-arc4random_buf-is-not-available.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build #git#BuildRequires: autoconf >= 2.60, automake, libtool BuildRequires: autoconf @@ -81,7 +80,6 @@ %prep %setup -q -%patch0 -p1 %build autoreconf -fi ++++++ libICE-1.0.9.tar.bz2 -> libICE-1.0.10.tar.bz2 ++++++ ++++ 29820 lines of diff (skipped)
