commit libICE for openSUSE:Factory
Hello community, here is the log from the commit of package libICE for openSUSE:Factory checked in at 2019-07-17 14:22:43 Comparing /work/SRC/openSUSE:Factory/libICE (Old) and /work/SRC/openSUSE:Factory/.libICE.new.1887 (New) Package is "libICE" Wed Jul 17 14:22:43 2019 rev:10 rq:715444 version:1.0.10 Changes: --- /work/SRC/openSUSE:Factory/libICE/libICE.changes2017-06-20 10:57:22.509092315 +0200 +++ /work/SRC/openSUSE:Factory/.libICE.new.1887/libICE.changes 2019-07-17 14:22:44.564185821 +0200 @@ -1,0 +2,15 @@ +Mon Jul 15 09:45:31 UTC 2019 - Stefan Dirsch + +- Update to version 1.0.10 + * This release provides a fix for CVE-2017-2626 for platforms +which don't have arc4random_buf() in their default libraries +but do have getentropy(), such as Linux platforms with a kernel +version of 3.17 or newer and a glibc version of 2.25 or newer. +(libICE 1.0.9 already ensured that arc4random_buf() is used on +platforms that have it to provide sufficient entropy in ICE +key generation, but left other platforms with the weaker methods. +Linux platforms could also have linked against libbsd to use +arc4random_buf() with libICE 1.0.9 for stronger keys.) +- supersedes U_Use-getentropy-if-arc4random_buf-is-not-available.patch + +--- Old: U_Use-getentropy-if-arc4random_buf-is-not-available.patch libICE-1.0.9.tar.bz2 New: libICE-1.0.10.tar.bz2 Other differences: -- ++ libICE.spec ++ --- /var/tmp/diff_new_pack.Pkqlhh/_old 2019-07-17 14:22:44.964184731 +0200 +++ /var/tmp/diff_new_pack.Pkqlhh/_new 2019-07-17 14:22:44.968184720 +0200 @@ -1,7 +1,7 @@ # # spec file for package libICE # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -12,13 +12,13 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: libICE %define lname libICE6 -Version:1.0.9 +Version:1.0.10 Release:0 Summary:X11 Inter-Client Exchange Library License:MIT @@ -29,7 +29,6 @@ #Git-Web: http://cgit.freedesktop.org/xorg/lib/libICE/ Source: http://xorg.freedesktop.org/releases/individual/lib/%{name}-%{version}.tar.bz2 Source1:baselibs.conf -Patch0: U_Use-getentropy-if-arc4random_buf-is-not-available.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build #git#BuildRequires:autoconf >= 2.60, automake, libtool BuildRequires: autoconf @@ -81,7 +80,6 @@ %prep %setup -q -%patch0 -p1 %build autoreconf -fi ++ libICE-1.0.9.tar.bz2 -> libICE-1.0.10.tar.bz2 ++ 29820 lines of diff (skipped)
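Review bot: the libICE.changes entry for 1.0.10 names CVE-2017-2626 and drops U_Use-getentropy-if-arc4random_buf-is-not-available.patch, but carries no bug reference, so the newest changelog block no longer links the fix to its tracker entry. Repeat the bug id the superseded patch entry used (bnc#1025068) next to the CVE on the "supersedes" line. In libICE.spec the comment link moves to https://bugs.opensuse.org/, while the Source: line shown as context still names an http:// download URL. Switch it to https in the same change if upstream serves the tarball that way.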
commit libICE for openSUSE:Factory
Hello community, here is the log from the commit of package libICE for openSUSE:Factory checked in at 2017-06-20 10:57:21 Comparing /work/SRC/openSUSE:Factory/libICE (Old) and /work/SRC/openSUSE:Factory/.libICE.new (New) Package is "libICE" Tue Jun 20 10:57:21 2017 rev:9 rq:502905 version:1.0.9 Changes: --- /work/SRC/openSUSE:Factory/libICE/libICE.changes2014-06-18 07:52:48.0 +0200 +++ /work/SRC/openSUSE:Factory/.libICE.new/libICE.changes 2017-06-20 10:57:22.509092315 +0200 @@ -1,0 +2,8 @@ +Sun Jun 11 18:00:24 UTC 2017 - sndir...@suse.com + +- U_Use-getentropy-if-arc4random_buf-is-not-available.patch + * Use getentropy() if arc4random_buf() is not available +(bnc#1025068, CVE-2017-2626) +- tagged baselibs.conf as source in specfile + +--- New: U_Use-getentropy-if-arc4random_buf-is-not-available.patch Other differences: -- ++ libICE.spec ++ --- /var/tmp/diff_new_pack.Ao7XMN/_old 2017-06-20 10:57:23.077012265 +0200 +++ /var/tmp/diff_new_pack.Ao7XMN/_new 2017-06-20 10:57:23.077012265 +0200 @@ -1,7 +1,7 @@ # # spec file for package libICE # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -28,8 +28,13 @@ #Git-Clone:git://anongit.freedesktop.org/xorg/lib/libICE #Git-Web: http://cgit.freedesktop.org/xorg/lib/libICE/ Source: http://xorg.freedesktop.org/releases/individual/lib/%{name}-%{version}.tar.bz2 +Source1:baselibs.conf +Patch0: U_Use-getentropy-if-arc4random_buf-is-not-available.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build #git#BuildRequires:autoconf >= 2.60, automake, libtool +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool BuildRequires: pkgconfig BuildRequires: pkgconfig(xorg-macros) >= 1.12 BuildRequires: pkgconfig(xproto) 
@@ -46,8 +51,8 @@ %package -n %lname Summary:X11 Inter-Client Exchange Library -Group: System/Libraries # O/P added for 12.2 +Group: System/Libraries Provides: xorg-x11-libICE = 7.6_%version-%release Obsoletes: xorg-x11-libICE < 7.6_%version-%release @@ -76,8 +81,10 @@ %prep %setup -q +%patch0 -p1 %build +autoreconf -fi %configure --docdir=%_docdir/%name --disable-static make %{?_smp_mflags} ++ U_Use-getentropy-if-arc4random_buf-is-not-available.patch ++ >From ff5e59f32255913bb1cdf51441b98c9107ae165b Mon Sep 17 00:00:00 2001 From: Benjamin Tissoires Date: Tue, 4 Apr 2017 19:12:53 +0200 Subject: [PATCH] Use getentropy() if arc4random_buf() is not available This allows to fix CVE-2017-2626 on Linux platforms without pulling in libbsd. The libc getentropy() is available since glibc 2.25 but also on OpenBSD. For Linux, we need at least a v3.17 kernel. If the recommended arc4random_buf() function is not available, emulate it by first trying to use getentropy() on a supported glibc and kernel. If the call fails, fall back to the current (partly vulnerable) code. Signed-off-by: Benjamin Tissoires Reviewed-by: Mark Kettenis Reviewed-by: Alan Coopersmith Signed-off-by: Peter Hutterer --- configure.ac | 2 +- src/iceauth.c | 65 ++- 2 files changed, 47 insertions(+), 20 deletions(-) diff --git a/configure.ac b/configure.ac index 458882a..c971ab6 100644 --- a/configure.ac +++ b/configure.ac @@ -38,7 +38,7 @@ AC_DEFINE(ICE_t, 1, [Xtrans transport type]) # Checks for library functions. AC_CHECK_LIB([bsd], [arc4random_buf]) -AC_CHECK_FUNCS([asprintf arc4random_buf]) +AC_CHECK_FUNCS([asprintf arc4random_buf getentropy]) # Allow checking code with lint, sparse, etc. XORG_WITH_LINT diff --git a/src/iceauth.c b/src/iceauth.c index ed31683..de4785b 100644 --- a/src/iceauth.c +++ b/src/iceauth.c 
@@ -44,31 +44,19 @@ Author: Ralph Mor, X Consortium static int was_called_state; -/* - * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by - * the SI. It is not part of standard ICElib. - */ +#ifndef HAVE_ARC4RANDOM_BUF - -char * -IceGenerateMagicCookie ( +static void +emulate_getrandom_buf ( + char *auth, int len ) { -char*auth; -#ifndef HAVE_ARC4RANDOM_BUF longldata[2]; intseed; intvalue; inti; -#endif -if ((auth = malloc (len + 1)) == NULL) - return (NULL); - -#ifdef HAVE_ARC4RANDOM_BUF -arc4random_buf(auth, len); -#else #ifdef ITIMER_REAL { struct timeva
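Review bot: the fallback in src/iceauth.c is silent. The commit message says a failed getentropy() call falls "back to the current (partly vulnerable) code", and the hunk keeps that seed and ITIMER_REAL path inside the new emulate_getrandom_buf(), so a caller of IceGenerateMagicCookie cannot tell a cookie built from kernel entropy from one built by the old method. Consider logging when the old path is taken, or failing the cookie generation instead. The helper's name is also misleading: it is compiled under #ifndef HAVE_ARC4RANDOM_BUF and stands in for arc4random_buf(), so a name such as emulate_arc4random_buf would match what it replaces.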
commit libICE for openSUSE:Factory
Hello community, here is the log from the commit of package libICE for openSUSE:Factory checked in at 2014-06-18 07:50:35 Comparing /work/SRC/openSUSE:Factory/libICE (Old) and /work/SRC/openSUSE:Factory/.libICE.new (New) Package is "libICE" Changes: --- /work/SRC/openSUSE:Factory/libICE/libICE.changes2013-03-22 11:26:45.0 +0100 +++ /work/SRC/openSUSE:Factory/.libICE.new/libICE.changes 2014-06-18 07:52:48.0 +0200 @@ -1,0 +2,9 @@ +Tue Jun 10 15:32:39 UTC 2014 - sndir...@suse.com + +- Update to version 1.0.9 + * This release fixes a number of issues found by static analysis and +compiler warnings, and other minor code cleanups. On systems with +arc4random() in either libc or libbsd, it will now use that function +for generating authentication cookies. + +--- Old: libICE-1.0.8.tar.bz2 New: libICE-1.0.9.tar.bz2 Other differences: -- ++ libICE.spec ++ --- /var/tmp/diff_new_pack.UjKLVV/_old 2014-06-18 07:52:49.0 +0200 +++ /var/tmp/diff_new_pack.UjKLVV/_new 2014-06-18 07:52:49.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package libICE # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ Name: libICE %define lname libICE6 -Version:1.0.8 +Version:1.0.9 Release:0 Summary:X11 Inter-Client Exchange Library License:MIT ++ libICE-1.0.8.tar.bz2 -> libICE-1.0.9.tar.bz2 ++ 15791 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
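Review bot: the libICE.changes entry promises arc4random()-based authentication cookies "on systems with arc4random() in either libc or libbsd", but the libICE.spec hunks only change the copyright year and Version: and add no BuildRequires for libbsd. The entry therefore does not tell a reader whether this build gets the stronger generator. State in libICE.changes which cookie-generation path the openSUSE package ends up with, or add the build dependency that enables the arc4random path.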
commit libICE for openSUSE:Factory
Hello community, here is the log from the commit of package libICE for openSUSE:Factory checked in at 2013-03-22 11:26:44 Comparing /work/SRC/openSUSE:Factory/libICE (Old) and /work/SRC/openSUSE:Factory/.libICE.new (New) Package is "libICE", Maintainer is "" Changes: --- /work/SRC/openSUSE:Factory/libICE/libICE.changes2012-05-08 11:57:15.0 +0200 +++ /work/SRC/openSUSE:Factory/.libICE.new/libICE.changes 2013-03-22 11:26:45.0 +0100 @@ -1,0 +2,5 @@ +Sun Feb 17 17:21:53 UTC 2013 - jeng...@inai.de + +- Use more robust make install call + +--- Other differences: -- ++ libICE.spec ++ --- /var/tmp/diff_new_pack.1Tep7N/_old 2013-03-22 11:26:45.0 +0100 +++ /var/tmp/diff_new_pack.1Tep7N/_new 2013-03-22 11:26:45.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package libICE # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -82,7 +82,7 @@ make %{?_smp_mflags} %install -%makeinstall +make install DESTDIR="%buildroot" rm -f "%buildroot/%_libdir"/*.la %post -n %lname -p /sbin/ldconfig
commit libICE for openSUSE:Factory
Hello community, here is the log from the commit of package libICE for openSUSE:Factory checked in at 2012-05-08 11:57:02 Comparing /work/SRC/openSUSE:Factory/libICE (Old) and /work/SRC/openSUSE:Factory/.libICE.new (New) Package is "libICE", Maintainer is "" Changes: --- /work/SRC/openSUSE:Factory/libICE/libICE.changes2012-02-17 12:01:17.0 +0100 +++ /work/SRC/openSUSE:Factory/.libICE.new/libICE.changes 2012-05-08 11:57:15.0 +0200 @@ -1,0 +2,9 @@ +Wed Apr 11 15:03:16 UTC 2012 - vu...@opensuse.org + +- Update to version 1.0.8: + + Fix a number of issues found by static analysis and compiler +warnings + + Large set of cleanups and improvements to the DocBook format +specs for the protocol and docs for the API. + +--- Old: libICE-1.0.7.tar.bz2 New: libICE-1.0.8.tar.bz2 Other differences: -- ++ libICE.spec ++ --- /var/tmp/diff_new_pack.hmOC9y/_old 2012-05-08 11:57:16.0 +0200 +++ /var/tmp/diff_new_pack.hmOC9y/_new 2012-05-08 11:57:16.0 +0200 
@@ -14,22 +14,26 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + + Name: libICE %define lname libICE6 -Version:1.0.7 +Version:1.0.8 Release:0 Summary:X11 Inter-Client Exchange Library License:MIT Group: Development/Libraries/C and C++ -URL: http://xorg.freedesktop.org/ +Url:http://xorg.freedesktop.org/ #Git-Clone:git://anongit.freedesktop.org/xorg/lib/libICE #Git-Web: http://cgit.freedesktop.org/xorg/lib/libICE/ -Source: %name-%version.tar.bz2 -BuildRoot: %_tmppath/%name-%version-build +Source: http://xorg.freedesktop.org/releases/individual/lib/%{name}-%{version}.tar.bz2 +BuildRoot: %{_tmppath}/%{name}-%{version}-build #git#BuildRequires:autoconf >= 2.60, automake, libtool -BuildRequires: pkgconfig, pkgconfig(xorg-macros) >= 1.10 -BuildRequires: pkgconfig(xproto), pkgconfig(xtrans) +BuildRequires: pkgconfig +BuildRequires: pkgconfig(xorg-macros) >= 1.12 +BuildRequires: pkgconfig(xproto) +BuildRequires: pkgconfig(xtrans) %description There are numerous possible inter-client protocols, with many ++ libICE-1.0.7.tar.bz2 -> libICE-1.0.8.tar.bz2 ++ 60342 lines of diff (skipped)
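Review bot: the new Source: line in libICE.spec names the upstream download URL, but the hunk adds no detached signature or keyring as a further Source, so nothing in the spec ties the 1.0.8 tarball to an upstream signing key. The tarball change itself is not reviewable from this mail ("60342 lines of diff (skipped)"), so that check is what a reviewer has to rely on. If upstream publishes a signature for the release, add it and the keyring as additional sources.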