5 changed files with 124 additions and 12 deletions
--- a/.freeglut.metadata
+++ b/.freeglut.metadata
@ -1,2 +1,2 @@
-fca52242f9344627a30f11487ee42002e6b0dacd SOURCES/freeglut-3.0.0.tar.gz
+7a62e0d2caad92ff745bc5037592b2753f0b2f20 SOURCES/freeglut-3.2.1.tar.gz
 9df57d26b2cd0448fd83141009729317ff2ea4e7 SOURCES/openglut-0.6.3-doc.tar.gz
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
-SOURCES/freeglut-3.0.0.tar.gz
+SOURCES/freeglut-3.2.1.tar.gz
 SOURCES/openglut-0.6.3-doc.tar.gz
--- a/SOURCES/0001-Plug-memory-leak-that-happens-upon-error.patch
+++ b/SOURCES/0001-Plug-memory-leak-that-happens-upon-error.patch
@ -0,0 +1,52 @@
+From 9ad320c1ad1a25558998ddfe47674511567fec57 Mon Sep 17 00:00:00 2001
+From: Sebastian Rasmussen <sebras@gmail.com>
+Date: Mon, 12 Feb 2024 14:46:22 +0800
+Subject: [PATCH] Plug memory leak that happens upon error.
+
+If fgStructure.CurrentMenu is set when glutAddMenuEntry() or
+glutAddSubMenu() is called the allocated menuEntry variable will
+leak. This commit postpones allocating menuEntry until after the
+error checks, thereby plugging the memory leak.
+
+This fixes CVE-2024-24258 and CVE-2024-24259.
+---
+ src/fg_menu.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/fg_menu.c b/src/fg_menu.c
+index 53112dc2..0da88901 100644
+--- a/src/fg_menu.c
+++ b/src/fg_menu.c
+@@ -864,12 +864,12 @@ void FGAPIENTRY glutAddMenuEntry( const char* label, int value )
+ {
+     SFG_MenuEntry* menuEntry;
+     FREEGLUT_EXIT_IF_NOT_INITIALISED ( "glutAddMenuEntry" );
+-    menuEntry = (SFG_MenuEntry *)calloc( sizeof(SFG_MenuEntry), 1 );
+ 
+     freeglut_return_if_fail( fgStructure.CurrentMenu );
+     if (fgState.ActiveMenus)
+         fgError("Menu manipulation not allowed while menus in use.");
+ 
+    menuEntry = (SFG_MenuEntry *)calloc( sizeof(SFG_MenuEntry), 1 );
+     menuEntry->Text = strdup( label );
+     menuEntry->ID   = value;
+ 
+@@ -888,7 +888,6 @@ void FGAPIENTRY glutAddSubMenu( const char *label, int subMenuID )
+     SFG_Menu *subMenu;
+ 
+     FREEGLUT_EXIT_IF_NOT_INITIALISED ( "glutAddSubMenu" );
+-    menuEntry = ( SFG_MenuEntry * )calloc( sizeof( SFG_MenuEntry ), 1 );
+     subMenu = fgMenuByID( subMenuID );
+ 
+     freeglut_return_if_fail( fgStructure.CurrentMenu );
+@@ -897,6 +896,7 @@ void FGAPIENTRY glutAddSubMenu( const char *label, int subMenuID )
+ 
+     freeglut_return_if_fail( subMenu );
+ 
+    menuEntry = ( SFG_MenuEntry * )calloc( sizeof( SFG_MenuEntry ), 1 );
+     menuEntry->Text    = strdup( label );
+     menuEntry->SubMenu = subMenu;
+     menuEntry->ID      = -1;
+-- 
+2.43.0
+
--- a/SOURCES/common.patch
+++ b/SOURCES/common.patch
@ -0,0 +1,11 @@
+--- CMakeLists.txt~	2019-09-25 15:43:34.000000000 -0500
+++ CMakeLists.txt	2020-01-31 09:26:24.104743210 -0600
+@@ -302,7 +302,7 @@
+ ENDIF()
+ 
+ IF(CMAKE_COMPILER_IS_GNUCC)
+-  SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall")
+  SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -fcommon")
+   IF(NOT(ANDROID OR BLACKBERRY OR FREEGLUT_WAYLAND))
+     # not setting -ansi as EGL/KHR headers doesn't support it
+     SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -pedantic")
--- a/SPECS/freeglut.spec
+++ b/SPECS/freeglut.spec
@ -1,17 +1,22 @@
+%global __cmake_in_source_build 1
 Summary:        A freely licensed alternative to the GLUT library
 Name:           freeglut
-Version:        3.0.0
-Release:        8%{?dist}
+Version:        3.2.1
+Release:        10%{?dist}
 URL:            http://freeglut.sourceforge.net
 Source0:        https://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
 # For the manpages
 Source1:        https://downloads.sourceforge.net/openglut/openglut-0.6.3-doc.tar.gz
+Patch0:         common.patch
+Patch1:         0001-Plug-memory-leak-that-happens-upon-error.patch
 License:        MIT
-Group:          System Environment/Libraries

+BuildRequires:  gcc
+BuildRequires:  gcc-c++
 BuildRequires:  cmake
 BuildRequires:  pkgconfig libGLU-devel libXext-devel libXxf86vm-devel
 BuildRequires:  libXi-devel libICE-devel
+BuildRequires: make
 # The virtual Provides below is present so that this freeglut package is a
 # drop in binary replacement for "glut" which will satisfy rpm dependancies
 # properly.  The Obsoletes tag is required in order for any pre-existing
@ -34,7 +39,6 @@ joystick functions.

 %package devel
 Summary:        Freeglut developmental libraries and header files
-Group:          Development/Libraries
 Requires:       %{name} = %{version}-%{release}
 Requires:       libGL-devel libGLU-devel
 Provides:       glut-devel = 3.7
@ -49,6 +53,8 @@ license.

 %prep
 %setup -q -a 1
+%patch -P 0 -p0
+%patch -P 1 -p1

 %build
 %{cmake} -DFREEGLUT_BUILD_STATIC_LIBS=OFF .
@ -62,25 +68,68 @@ mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man3
 install -p -m 644 doc/man/*.3 $RPM_BUILD_ROOT/%{_mandir}/man3


-%post -p /sbin/ldconfig
-%postun -p /sbin/ldconfig
+%ldconfig_scriptlets


 %files
-%defattr(-,root,root,-)
 %doc AUTHORS ChangeLog COPYING README doc/*.png doc/*.html
 # don't include contents of doc/ directory as it is mostly obsolete
 %{_libdir}/libglut.so.3*

 %files devel
-%defattr(-,root,root,-)
 %{_includedir}/GL/*.h
 %{_libdir}/libglut.so
-%{_libdir}/pkgconfig/freeglut.pc
+%{_libdir}/pkgconfig/glut.pc
 %{_mandir}/man3/*
-
+%{_libdir}/cmake/FreeGLUT/*

 %changelog
+* Thu Feb 15 2024 José Expósito <jexposit@redhat.com> - 3.2.1-10
+- Fix CVE-2024-24258 and CVE-2024-24259
+  Resolves: https://issues.redhat.com/browse/RHEL-25176
+  Resolves: https://issues.redhat.com/browse/RHEL-25178
+
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.2.1-9
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 3.2.1-8
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.1-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Aug 04 2020 Gwyn Ciesla <gwync@protonmail.com> - 3.2.1-6
+- Fix FTBFS.
+
+* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.1-5
+- Second attempt - Rebuilt for
+  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Fri Jan 31 2020 Gwyn Ciesla <gwync@protonmail.com> - 3.2.1-3
+- Fix FTBFS
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Mon Sep 30 2019 Gwyn Ciesla <gwync@protonmail.com> - 3.2.1-1
+- 3.2.1
+
+* Tue Sep 17 2019 Gwyn Ciesla <gwync@protonmail.com> - 3.2.0-1
+- 3.2.0
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.0-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.0-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.0-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
 * Tue May 01 2018 Adam Jackson <ajax@redhat.com> - 3.0.0-8
 - HTTPS URLs
 - Pin soname to libglut.so.3 in the %%files glob