From bba38f38e7e41525c30116a2fe990d113b8157da Mon Sep 17 00:00:00 2001 From: Brad Bishop Date: Thu, 23 Aug 2018 16:11:46 +0800 Subject: poky: sumo refresh 51872d3f99..3b8dc3a88e Update poky to sumo HEAD. Andrej Valek (1): wpa-supplicant: fix CVE-2018-14526 Armin Kuster (2): xserver-xorg: config: fix NULL value detection for ID_INPUT being unset binutils: Change the ARM assembler's ADR and ADRl pseudo-ops so that they will only set the bottom bit of imported thumb function symbols if the -mthumb-interwork option is active. Bruce Ashfield (3): linux-yocto/4.12: update to v4.12.28 linux-yocto/4.14: update to v4.14.62 linux-yocto/4.14: update to v4.14.67 Changqing Li (6): libexif: patch for CVE-2017-7544 squashfs-tools: patch for CVE-2015-4645(4646) libcroco: patch for CVE-2017-7960 libid3tag: patch for CVE-2004-2779 libice: patch for CVE-2017-2626 apr-util: fix ptest fail problem Chen Qi (2): util-linux: upgrade 2.32 -> 2.32.1 busybox: move init related configs to init.cfg Jagadeesh Krishnanjanappa (2): libarchive: CVE-2017-14501 libcgroup: CVE-2018-14348 Jon Szymaniak (1): cve-check.bbclass: detect CVE IDs listed on multiple lines Joshua Lock (1): os-release: fix to install in the expected location Khem Raj (1): serf: Fix Sconstruct build with python 3.7 Konstantin Shemyak (1): cve-check.bbclass: do not download the CVE DB in package-specific tasks Mike Looijmans (1): busybox/mdev-mount.sh: Fix partition detect and cleanup mountpoint on fail Ross Burton (1): lrzsz: fix CVE-2018-10195 Sinan Kaya (3): busybox: CVE-2017-15874 libpng: CVE-2018-13785 sqlite3: CVE-2018-8740 Yadi.hu (1): busybox: handle syslog Yi Zhao (2): blktrace: Security fix CVE-2018-10689 taglib: Security fix CVE-2018-11439 Zheng Ruoqin (1): glibc: fix CVE-2018-11237 Change-Id: I2eb1fe6574638de745e4bfc106b86fe797b977c8 Signed-off-by: Brad Bishop --- .../xorg-lib/libice/CVE-2017-2626.patch | 149 +++++++++++++++++++++ 1 file changed, 149 insertions(+) create mode 100644 poky/meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch (limited to 'poky/meta/recipes-graphics/xorg-lib/libice') diff --git a/poky/meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch b/poky/meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch new file mode 100644 index 000000000..20c6dda2e --- /dev/null +++ b/poky/meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch @@ -0,0 +1,149 @@ +From ff5e59f32255913bb1cdf51441b98c9107ae165b Mon Sep 17 00:00:00 2001 +From: Benjamin Tissoires +Date: Tue, 4 Apr 2017 19:12:53 +0200 +Subject: Use getentropy() if arc4random_buf() is not available + +This allows to fix CVE-2017-2626 on Linux platforms without pulling in +libbsd. +The libc getentropy() is available since glibc 2.25 but also on OpenBSD. +For Linux, we need at least a v3.17 kernel. If the recommended +arc4random_buf() function is not available, emulate it by first trying +to use getentropy() on a supported glibc and kernel. If the call fails, +fall back to the current (partly vulnerable) code. + +Signed-off-by: Benjamin Tissoires +Reviewed-by: Mark Kettenis +Reviewed-by: Alan Coopersmith +Signed-off-by: Peter Hutterer + +Upstream-Status: Backport[https://cgit.freedesktop.org/xorg/lib/libICE + /commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b] + +CVE: CVE-2017-2626 + +Signed-off-by: Changqing Li +--- + configure.ac | 2 +- + src/iceauth.c | 65 ++++++++++++++++++++++++++++++++++++++++++----------------- + 2 files changed, 47 insertions(+), 20 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 458882a..c971ab6 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -38,7 +38,7 @@ AC_DEFINE(ICE_t, 1, [Xtrans transport type]) + + # Checks for library functions. + AC_CHECK_LIB([bsd], [arc4random_buf]) +-AC_CHECK_FUNCS([asprintf arc4random_buf]) ++AC_CHECK_FUNCS([asprintf arc4random_buf getentropy]) + + # Allow checking code with lint, sparse, etc. + XORG_WITH_LINT +diff --git a/src/iceauth.c b/src/iceauth.c +index ed31683..de4785b 100644 +--- a/src/iceauth.c ++++ b/src/iceauth.c +@@ -44,31 +44,19 @@ Author: Ralph Mor, X Consortium + + static int was_called_state; + +-/* +- * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by +- * the SI. It is not part of standard ICElib. +- */ ++#ifndef HAVE_ARC4RANDOM_BUF + +- +-char * +-IceGenerateMagicCookie ( ++static void ++emulate_getrandom_buf ( ++ char *auth, + int len + ) + { +- char *auth; +-#ifndef HAVE_ARC4RANDOM_BUF + long ldata[2]; + int seed; + int value; + int i; +-#endif + +- if ((auth = malloc (len + 1)) == NULL) +- return (NULL); +- +-#ifdef HAVE_ARC4RANDOM_BUF +- arc4random_buf(auth, len); +-#else + #ifdef ITIMER_REAL + { + struct timeval now; +@@ -76,13 +64,13 @@ IceGenerateMagicCookie ( + ldata[0] = now.tv_sec; + ldata[1] = now.tv_usec; + } +-#else ++#else /* ITIMER_REAL */ + { + long time (); + ldata[0] = time ((long *) 0); + ldata[1] = getpid (); + } +-#endif ++#endif /* ITIMER_REAL */ + seed = (ldata[0]) + (ldata[1] << 16); + srand (seed); + for (i = 0; i < len; i++) +@@ -90,7 +78,46 @@ IceGenerateMagicCookie ( + value = rand (); + auth[i] = value & 0xff; + } +-#endif ++} ++ ++static void ++arc4random_buf ( ++ char *auth, ++ int len ++) ++{ ++ int ret; ++ ++#if HAVE_GETENTROPY ++ /* weak emulation of arc4random through the entropy libc */ ++ ret = getentropy (auth, len); ++ if (ret == 0) ++ return; ++#endif /* HAVE_GETENTROPY */ ++ ++ emulate_getrandom_buf (auth, len); ++} ++ ++#endif /* !defined(HAVE_ARC4RANDOM_BUF) */ ++ ++/* ++ * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by ++ * the SI. It is not part of standard ICElib. ++ */ ++ ++ ++char * ++IceGenerateMagicCookie ( ++ int len ++) ++{ ++ char *auth; ++ ++ if ((auth = malloc (len + 1)) == NULL) ++ return (NULL); ++ ++ arc4random_buf (auth, len); ++ + auth[len] = '\0'; + return (auth); + } +-- +cgit v1.1 + -- cgit v1.2.3