.gitignore

@@ -1 +1 @@
-SOURCES/libICE-1.0.9.tar.bz2
+SOURCES/libICE-1.0.10.tar.bz2

.libICE.metadata

@@ -1 +1 @@
-3c3a857a117ce48a1947a16860056e77cd494fdf SOURCES/libICE-1.0.9.tar.bz2
+5b5eb125d4f43a3ab8153b0f850963ee6c982c24 SOURCES/libICE-1.0.10.tar.bz2

SOURCES/0001-IceListenForWellKnownConnections-Fix-memleak.patch

@@ -1,28 +0,0 @@
-From 6fed0334c99d3c088752b462d106a84266fb1114 Mon Sep 17 00:00:00 2001
-From: Olivier Fourdan <ofourdan@redhat.com>
-Date: Wed, 10 Apr 2019 11:01:31 +0200
-Subject: [PATCH libICE 1/3] IceListenForWellKnownConnections: Fix memleak
-
-The function `_IceTransMakeAllCOTSServerListeners` allocates memory for
-`transConns` which is leaked in case of error.
-
-Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
----
- src/listenwk.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/listenwk.c b/src/listenwk.c
-index 7517ea8..9ff26da 100644
---- a/src/listenwk.c
-+++ b/src/listenwk.c
-@@ -61,6 +61,7 @@ IceListenForWellKnownConnections (
-         strncpy (errorStringRet,
- 	    "Cannot establish any listening sockets", errorLength);
- 
-+	free (transConns);
- 	return (0);
-     }
- 
--- 
-2.21.0
-

SOURCES/0001-Use-getentropy-if-arc4random_buf-is-not-available.patch

@@ -1,143 +0,0 @@
-From 8044880840bcde6f15a078e267cf163072ac1878 Mon Sep 17 00:00:00 2001
-From: Benjamin Tissoires <benjamin.tissoires@gmail.com>
-Date: Tue, 4 Apr 2017 19:12:53 +0200
-Subject: [PATCH libICE 1/2] Use getentropy() if arc4random_buf() is not
- available
-
-This allows to fix CVE-2017-2626 on Linux platforms without pulling in
-libbsd.
-The libc getentropy() is available since glibc 2.25 but also on OpenBSD.
-For Linux, we need at least a v3.17 kernel. If the recommended
-arc4random_buf() function is not available, emulate it by first trying
-to use getentropy() on a supported glibc and kernel. If the call fails,
-fall back to the current (partly vulnerable) code.
-
-Signed-off-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
-Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
-Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
----
- configure.ac  |  2 +-
- src/iceauth.c | 65 ++++++++++++++++++++++++++++++++++++++++++-----------------
- 2 files changed, 47 insertions(+), 20 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 458882a..c971ab6 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -38,7 +38,7 @@ AC_DEFINE(ICE_t, 1, [Xtrans transport type])
- 
- # Checks for library functions.
- AC_CHECK_LIB([bsd], [arc4random_buf])
--AC_CHECK_FUNCS([asprintf arc4random_buf])
-+AC_CHECK_FUNCS([asprintf arc4random_buf getentropy])
- 
- # Allow checking code with lint, sparse, etc.
- XORG_WITH_LINT
-diff --git a/src/iceauth.c b/src/iceauth.c
-index ef66626..9b77eac 100644
---- a/src/iceauth.c
-+++ b/src/iceauth.c
-@@ -42,31 +42,19 @@ Author: Ralph Mor, X Consortium
- 
- static int was_called_state;
- 
--/*
-- * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by
-- * the SI.  It is not part of standard ICElib.
-- */
-+#ifndef HAVE_ARC4RANDOM_BUF
- 
--
--char *
--IceGenerateMagicCookie (
-+static void
-+emulate_getrandom_buf (
-+	char *auth,
- 	int len
- )
- {
--    char    *auth;
--#ifndef HAVE_ARC4RANDOM_BUF
-     long    ldata[2];
-     int	    seed;
-     int	    value;
-     int	    i;
--#endif
- 
--    if ((auth = malloc (len + 1)) == NULL)
--	return (NULL);
--
--#ifdef HAVE_ARC4RANDOM_BUF
--    arc4random_buf(auth, len);
--#else
- #ifdef ITIMER_REAL
-     {
- 	struct timeval  now;
-@@ -74,13 +62,13 @@ IceGenerateMagicCookie (
- 	ldata[0] = now.tv_sec;
- 	ldata[1] = now.tv_usec;
-     }
--#else
-+#else /* ITIMER_REAL */
-     {
- 	long    time ();
- 	ldata[0] = time ((long *) 0);
- 	ldata[1] = getpid ();
-     }
--#endif
-+#endif /* ITIMER_REAL */
-     seed = (ldata[0]) + (ldata[1] << 16);
-     srand (seed);
-     for (i = 0; i < len; i++)
-@@ -88,7 +76,46 @@ IceGenerateMagicCookie (
- 	value = rand ();
- 	auth[i] = value & 0xff;
-     }
--#endif
-+}
-+
-+static void
-+arc4random_buf (
-+	char *auth,
-+	int len
-+)
-+{
-+    int	    ret;
-+
-+#if HAVE_GETENTROPY
-+    /* weak emulation of arc4random through the entropy libc */
-+    ret = getentropy (auth, len);
-+    if (ret == 0)
-+	return;
-+#endif /* HAVE_GETENTROPY */
-+
-+    emulate_getrandom_buf (auth, len);
-+}
-+
-+#endif /* !defined(HAVE_ARC4RANDOM_BUF) */
-+
-+/*
-+ * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by
-+ * the SI.  It is not part of standard ICElib.
-+ */
-+
-+
-+char *
-+IceGenerateMagicCookie (
-+	int len
-+)
-+{
-+    char    *auth;
-+
-+    if ((auth = malloc (len + 1)) == NULL)
-+	return (NULL);
-+
-+    arc4random_buf (auth, len);
-+
-     auth[len] = '\0';
-     return (auth);
- }
--- 
-2.9.3
-

SOURCES/0002-Add-getentropy-emulation-through-syscall.patch

@@ -1,75 +0,0 @@
-From 6a92ea98544e0d03d4ce0563ad765ae21773b0fd Mon Sep 17 00:00:00 2001
-From: Benjamin Tissoires <benjamin.tissoires@redhat.com>
-Date: Tue, 25 Apr 2017 11:00:36 +0200
-Subject: [PATCH libICE 2/2] Add getentropy emulation through syscall
-
-RHEL/f24/f25 only patch
-
-Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
----
- src/iceauth.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 49 insertions(+)
-
-diff --git a/src/iceauth.c b/src/iceauth.c
-index 9b77eac..9af62f5 100644
---- a/src/iceauth.c
-+++ b/src/iceauth.c
-@@ -78,6 +78,55 @@ emulate_getrandom_buf (
-     }
- }
- 
-+#ifndef HAVE_GETENTROPY
-+#include <sys/syscall.h>
-+#include <errno.h>
-+
-+/* code taken from libressl, license: */
-+/*
-+ * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
-+ * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
-+ *
-+ * Permission to use, copy, modify, and distribute this software for any
-+ * purpose with or without fee is hereby granted, provided that the above
-+ * copyright notice and this permission notice appear in all copies.
-+ *
-+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-+ *
-+ * Emulation of getentropy(2) as documented at:
-+ * http://man.openbsd.org/getentropy.2
-+ */
-+#ifdef __NR_getrandom
-+static int
-+getentropy(void *buf, size_t len)
-+{
-+	int pre_errno = errno;
-+	int ret;
-+	if (len > 256)
-+		return (-1);
-+	do {
-+		ret = syscall(__NR_getrandom, buf, len, 0);
-+	} while (ret == -1 && errno == EINTR);
-+
-+	if (ret != len)
-+		return (-1);
-+	errno = pre_errno;
-+
-+	fprintf(stderr, "generating cookie with syscall\n");
-+
-+	return (0);
-+}
-+#define HAVE_GETENTROPY 1
-+#endif /* __NR_getrandom */
-+
-+#endif /* HAVE_GETENTROPY */
-+
- static void
- arc4random_buf (
- 	char *auth,
--- 
-2.9.3
-

SOURCES/0002-_IceRead-Avoid-possible-use-after-free.patch

@@ -1,31 +0,0 @@
-From 32a9acc48463931e598188e3277c88925a48d7b5 Mon Sep 17 00:00:00 2001
-From: Olivier Fourdan <ofourdan@redhat.com>
-Date: Wed, 10 Apr 2019 11:15:11 +0200
-Subject: [PATCH libICE 2/3] _IceRead: Avoid possible use-after-free
-
-`_IceRead()` gets called from multiple places which do not expect the
-connection to be freed.
-
-Do not free the connection data in `_IceRead()` to avoid potential
-use-after-free issue in the various callers.
-
-Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
----
- src/misc.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/src/misc.c b/src/misc.c
-index d2e9150..54b179d 100644
---- a/src/misc.c
-+++ b/src/misc.c
-@@ -242,7 +242,6 @@ _IceRead (
- 		 */
- 
- 		_IceConnectionClosed (iceConn);	    /* invoke watch procs */
--		_IceFreeConnection (iceConn);
- 
- 		return (0);
- 	    }
--- 
-2.21.0
-

SOURCES/0003-cleanup-Separate-variable-assignment-and-test.patch

@@ -1,42 +0,0 @@
-From c4fcd360d060d50673a4a35ed39c4fe7e4bc3561 Mon Sep 17 00:00:00 2001
-From: Olivier Fourdan <ofourdan@redhat.com>
-Date: Thu, 11 Apr 2019 09:05:15 +0200
-Subject: [PATCH libICE 3/3] cleanup: Separate variable assignment and test
-
-Assigning and testing a value in a single statement hinders code clarity
-and may confuses static code analyzers.
-
-Separate the assignment and the test for clarity.
-
-Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
----
- src/process.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/src/process.c b/src/process.c
-index f0c3369..e3e0a35 100644
---- a/src/process.c
-+++ b/src/process.c
-@@ -919,7 +919,8 @@ ProcessConnectionSetup (
-     EXTRACT_STRING (pData, swap, vendor);
-     EXTRACT_STRING (pData, swap, release);
- 
--    if ((hisAuthCount = message->authCount) > 0)
-+    hisAuthCount = message->authCount;
-+    if (hisAuthCount > 0)
-     {
- 	hisAuthNames = malloc (hisAuthCount * sizeof (char *));
- 	EXTRACT_LISTOF_STRING (pData, swap, hisAuthCount, hisAuthNames);
-@@ -1965,7 +1966,8 @@ ProcessProtocolSetup (
-     EXTRACT_STRING (pData, swap, vendor);
-     EXTRACT_STRING (pData, swap, release);
- 
--    if ((hisAuthCount = message->authCount) > 0)
-+    hisAuthCount = message->authCount;
-+    if (hisAuthCount > 0)
-     {
- 	hisAuthNames = malloc (hisAuthCount * sizeof (char *));
- 	EXTRACT_LISTOF_STRING (pData, swap, hisAuthCount, hisAuthNames);
--- 
-2.21.0
-

SPECS/libICE.spec

@@ -1,21 +1,17 @@
 Summary: X.Org X11 ICE runtime library
 Name: libICE
-Version: 1.0.9
-Release: 15%{?dist}
+Version: 1.0.10
+Release: 8%{?dist}
 License: MIT
-Group: System Environment/Libraries
 URL: http://www.x.org
 
 Source0: https://www.x.org/pub/individual/lib/%{name}-%{version}.tar.bz2
 
-Patch0: 0001-Use-getentropy-if-arc4random_buf-is-not-available.patch
-Patch1: 0002-Add-getentropy-emulation-through-syscall.patch
-Patch2: 0001-IceListenForWellKnownConnections-Fix-memleak.patch
-Patch3: 0002-_IceRead-Avoid-possible-use-after-free.patch
-Patch4: 0003-cleanup-Separate-variable-assignment-and-test.patch
+# Needed for pre-glibc-2.25, which at this point would mean RHEL7 but not 8
+# Patch1: 0002-Add-getentropy-emulation-through-syscall.patch
 
 BuildRequires: xorg-x11-util-macros
-BuildRequires: autoconf automake libtool
+BuildRequires: autoconf automake libtool make
 BuildRequires: pkgconfig
 BuildRequires: xorg-x11-proto-devel
 BuildRequires: xorg-x11-xtrans-devel >= 1.0.3-5
@@ -25,7 +21,6 @@ The X.Org X11 ICE (Inter-Client Exchange) runtime library.
 
 %package devel
 Summary: X.Org X11 ICE development package
-Group: Development/Libraries
 Requires: %{name}%{?_isa} = %{version}-%{release}
 
 %description devel
@@ -33,12 +28,7 @@ The X.Org X11 ICE (Inter-Client Exchange) development package.
 
 %prep
 %setup -q
-
-%patch0 -p1 -b .cve-2017-2626
-%patch1 -p1 -b .cve-2017-2626
-%patch2 -p1 -b .IceListenForWellKnownConnections-memleak
-%patch3 -p1 -b .IceRead-use-after-free
-%patch4 -p1 -b .var-assignment-and-test
+#patch1 -p1 -b .cve-2017-2626
 
 %build
 autoreconf -v --install --force
@@ -78,11 +68,39 @@ done
 %{_libdir}/pkgconfig/ice.pc
 
 %changelog
-* Tue Jun  4 2019 Olivier Fourdan <ofourdan@redhat.com> - 1.0.9-15
-- Bump version for gating
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.10-8
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.10-7
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.10-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Dec 01 2020 Peter Hutterer <peter.hutterer@redhat.com> 1.0.10-5
+- Add make to BuildRequires
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.10-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.10-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.10-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Tue Jul 16 2019 Adam Jackson <ajax@redhat.com> - 1.0.10-1
+- libICE 1.0.10
+
+* Thu Mar 21 2019 Adam Jackson <ajax@redhat.com> - 1.0.9-16
+- Rebuild for xtrans 1.4.0
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.9-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 
-* Thu Apr 11 2019 Olivier Fourdan <ofourdan@redhat.com> - 1.0.9-14
-- covscan issues (rhbz#1602581)
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.9-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 
 * Fri Jun 29 2018 Adam Jackson <ajax@redhat.com> - 1.0.9-13
 - Use ldconfig scriptlet macros