From 6e7d4afcd38266b365007a2542fd23b221b66a52 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Wed, 14 May 2025 15:01:07 +0000 Subject: [PATCH] import UBI libXpm-3.5.17-5.el10 --- .gitignore | 2 +- .libXpm.metadata | 1 - ...-fclose-instead-of-close-in-error-pa.patch | 40 ----- ...85-Infinite-loop-on-unclosed-comment.patch | 37 ----- ...88-Out-of-bounds-read-in-XpmCreateXp.patch | 32 ---- ...89-Out-of-bounds-read-on-XPM-with-co.patch | 36 ----- ...17-Runaway-loop-with-width-of-0-and-.patch | 151 ------------------ ...a-double-free-in-the-error-code-path.patch | 39 ----- ...sable-open-zfile-instead-of-requirin.patch | 95 ----------- ...3-compression-commands-depend-on-PAT.patch | 144 ----------------- .../0006-Use-gzip-d-instead-of-gunzip.patch | 67 -------- SPECS/libXpm.spec => libXpm.spec | 118 ++++++++------ sources | 1 + 13 files changed, 71 insertions(+), 692 deletions(-) delete mode 100644 .libXpm.metadata delete mode 100644 SOURCES/0001-After-fdopen-use-fclose-instead-of-close-in-error-pa.patch delete mode 100644 SOURCES/0001-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch delete mode 100644 SOURCES/0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch delete mode 100644 SOURCES/0001-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch delete mode 100644 SOURCES/0002-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch delete mode 100644 SOURCES/0003-Prevent-a-double-free-in-the-error-code-path.patch delete mode 100644 SOURCES/0004-configure-add-disable-open-zfile-instead-of-requirin.patch delete mode 100644 SOURCES/0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch delete mode 100644 SOURCES/0006-Use-gzip-d-instead-of-gunzip.patch rename SPECS/libXpm.spec => libXpm.spec (51%) create mode 100644 sources diff --git a/.gitignore b/.gitignore index 58685f3..b0f170f 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/libXpm-3.5.12.tar.bz2 +libXpm-3.5.17.tar.xz diff --git a/.libXpm.metadata b/.libXpm.metadata deleted file mode 100644 index c7ee3c6..0000000 --- a/.libXpm.metadata +++ /dev/null @@ -1 +0,0 @@ -4e22fefe61714209539b08051b5287bcd9ecfd04 SOURCES/libXpm-3.5.12.tar.bz2 diff --git a/SOURCES/0001-After-fdopen-use-fclose-instead-of-close-in-error-pa.patch b/SOURCES/0001-After-fdopen-use-fclose-instead-of-close-in-error-pa.patch deleted file mode 100644 index e14c0af..0000000 --- a/SOURCES/0001-After-fdopen-use-fclose-instead-of-close-in-error-pa.patch +++ /dev/null @@ -1,40 +0,0 @@ -From e00066fb973a1796dd3989e356e17c8b51add521 Mon Sep 17 00:00:00 2001 -From: Alan Coopersmith -Date: Sun, 30 Sep 2018 15:09:29 -0700 -Subject: [PATCH 1/3] After fdopen(), use fclose() instead of close() in error - path - -Found by Oracle's Parfait 2.2 static analyzer: - -Error: File Leak - File Leak [file-ptr-leak]: - Leaked File fp - at line 94 of lib/libXpm/src/RdFToBuf.c in function 'XpmReadFileToBuffer -'. - fp initialized at line 86 with fdopen - fp leaks when len < 0 at line 92. - -Introduced-by: commit 8b3024e6871ce50b34bf2dff924774bd654703bc - -Signed-off-by: Alan Coopersmith -Reviewed-by: Peter Hutterer ---- - src/RdFToBuf.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/RdFToBuf.c b/src/RdFToBuf.c -index 69e3347d24f2..1b386f81fde3 100644 ---- a/src/RdFToBuf.c -+++ b/src/RdFToBuf.c -@@ -90,7 +90,7 @@ XpmReadFileToBuffer( - } - len = stats.st_size; - if (len < 0 || len >= SIZE_MAX) { -- close(fd); -+ fclose(fp); - return XpmOpenFailed; - } - ptr = (char *) XpmMalloc(len + 1); --- -2.23.0 - diff --git a/SOURCES/0001-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch b/SOURCES/0001-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch deleted file mode 100644 index db04b06..0000000 --- a/SOURCES/0001-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch +++ /dev/null @@ -1,37 +0,0 @@ -From ec75b3393506a6f71a477ac3982b31a48a42c196 Mon Sep 17 00:00:00 2001 -From: Alan Coopersmith -Date: Sat, 17 Dec 2022 12:23:45 -0800 -Subject: [PATCH libXpm 1/5] Fix CVE-2022-46285: Infinite loop on unclosed - comments - -When reading XPM images from a file with libXpm 3.5.14 or older, if a -comment in the file is not closed (i.e. a C-style comment starts with -"/*" and is missing the closing "*/"), the ParseComment() function will -loop forever calling getc() to try to read the rest of the comment, -failing to notice that it has returned EOF, which may cause a denial of -service to the calling program. - -Reported-by: Marco Ivaldi -Signed-off-by: Alan Coopersmith ---- - src/data.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/data.c b/src/data.c -index 898889c..bfad4ff 100644 ---- a/src/data.c -+++ b/src/data.c -@@ -174,6 +174,10 @@ ParseComment(xpmData *data) - notend = 0; - Ungetc(data, *s, file); - } -+ else if (c == EOF) { -+ /* hit end of file before the end of the comment */ -+ return XpmFileInvalid; -+ } - } - return 0; - } --- -2.39.0 - diff --git a/SOURCES/0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch b/SOURCES/0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch deleted file mode 100644 index a2d039b..0000000 --- a/SOURCES/0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 2fa554b01ef6079a9b35df9332bdc4f139ed67e0 Mon Sep 17 00:00:00 2001 -From: Alan Coopersmith -Date: Sat, 29 Apr 2023 17:50:39 -0700 -Subject: [PATCH] Fix CVE-2023-43788: Out of bounds read in - XpmCreateXpmImageFromBuffer - -When the test case for CVE-2022-46285 was run with the Address Sanitizer -enabled, it found an out-of-bounds read in ParseComment() when reading -from a memory buffer instead of a file, as it continued to look for the -closing comment marker past the end of the buffer. - -Signed-off-by: Alan Coopersmith ---- - src/data.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/data.c b/src/data.c -index 7524e65..0b0f1f3 100644 ---- a/src/data.c -+++ b/src/data.c -@@ -108,7 +108,7 @@ ParseComment(xpmData *data) - n++; - s2++; - } while (c == *s2 && *s2 != '\0' && c); -- if (*s2 == '\0') { -+ if (*s2 == '\0' || c == '\0') { - /* this is the end of the comment */ - notend = 0; - data->cptr--; --- -2.41.0 - diff --git a/SOURCES/0001-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch b/SOURCES/0001-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch deleted file mode 100644 index 789c423..0000000 --- a/SOURCES/0001-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 7e21cb63b9a1ca760a06cc4cd9b19bbc3fcd8f51 Mon Sep 17 00:00:00 2001 -From: Alan Coopersmith -Date: Sat, 29 Apr 2023 18:30:34 -0700 -Subject: [PATCH] Fix CVE-2023-43789: Out of bounds read on XPM with corrupted - colormap - -Found with clang's libfuzzer - -Signed-off-by: Alan Coopersmith ---- - src/data.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/data.c b/src/data.c -index 0b0f1f3..6e87455 100644 ---- a/src/data.c -+++ b/src/data.c -@@ -259,13 +259,13 @@ xpmNextWord( - int c; - - if (!data->type || data->type == XPMBUFFER) { -- while (isspace(c = *data->cptr) && c != data->Eos) -+ while ((c = *data->cptr) && isspace(c) && (c != data->Eos)) - data->cptr++; - do { - c = *data->cptr++; - *buf++ = c; - n++; -- } while (!isspace(c) && c != data->Eos && n < buflen); -+ } while (c && !isspace(c) && (c != data->Eos) && (n < buflen)); - n--; - data->cptr--; - } else { --- -2.41.0 - diff --git a/SOURCES/0002-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch b/SOURCES/0002-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch deleted file mode 100644 index 4afc8c7..0000000 --- a/SOURCES/0002-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch +++ /dev/null @@ -1,151 +0,0 @@ -From 52603840b1c5d923cc998335fb651a53d42a036c Mon Sep 17 00:00:00 2001 -From: Alan Coopersmith -Date: Sat, 7 Jan 2023 12:44:28 -0800 -Subject: [PATCH libXpm 2/5] Fix CVE-2022-44617: Runaway loop with width of 0 - and enormous height - -When reading XPM images from a file with libXpm 3.5.14 or older, if a -image has a width of 0 and a very large height, the ParsePixels() function -will loop over the entire height calling getc() and ungetc() repeatedly, -or in some circumstances, may loop seemingly forever, which may cause a -denial of service to the calling program when given a small crafted XPM -file to parse. - -Closes: #2 - -Reported-by: Martin Ettl -Signed-off-by: Alan Coopersmith ---- - src/data.c | 20 ++++++++++++++------ - src/parse.c | 31 +++++++++++++++++++++++++++---- - 2 files changed, 41 insertions(+), 10 deletions(-) - -diff --git a/src/data.c b/src/data.c -index bfad4ff..7524e65 100644 ---- a/src/data.c -+++ b/src/data.c -@@ -195,19 +195,23 @@ xpmNextString(xpmData *data) - register char c; - - /* get to the end of the current string */ -- if (data->Eos) -- while ((c = *data->cptr++) && c != data->Eos); -+ if (data->Eos) { -+ while ((c = *data->cptr++) && c != data->Eos && c != '\0'); -+ -+ if (c == '\0') -+ return XpmFileInvalid; -+ } - - /* - * then get to the beginning of the next string looking for possible - * comment - */ - if (data->Bos) { -- while ((c = *data->cptr++) && c != data->Bos) -+ while ((c = *data->cptr++) && c != data->Bos && c != '\0') - if (data->Bcmt && c == data->Bcmt[0]) - ParseComment(data); - } else if (data->Bcmt) { /* XPM2 natural */ -- while ((c = *data->cptr++) == data->Bcmt[0]) -+ while (((c = *data->cptr++) == data->Bcmt[0]) && c != '\0') - ParseComment(data); - data->cptr--; - } -@@ -216,9 +220,13 @@ xpmNextString(xpmData *data) - FILE *file = data->stream.file; - - /* get to the end of the current string */ -- if (data->Eos) -+ if (data->Eos) { - while ((c = Getc(data, file)) != data->Eos && c != EOF); - -+ if (c == EOF) -+ return XpmFileInvalid; -+ } -+ - /* - * then get to the beginning of the next string looking for possible - * comment -@@ -234,7 +242,7 @@ xpmNextString(xpmData *data) - Ungetc(data, c, file); - } - } -- return 0; -+ return XpmSuccess; - } - - -diff --git a/src/parse.c b/src/parse.c -index c19209c..e97d771 100644 ---- a/src/parse.c -+++ b/src/parse.c -@@ -391,6 +391,13 @@ ParsePixels( - { - unsigned int *iptr, *iptr2 = NULL; /* found by Egbert Eich */ - unsigned int a, x, y; -+ int ErrorStatus; -+ -+ if ((width == 0) && (height != 0)) -+ return (XpmFileInvalid); -+ -+ if ((height == 0) && (width != 0)) -+ return (XpmFileInvalid); - - if ((height > 0 && width >= UINT_MAX / height) || - width * height >= UINT_MAX / sizeof(unsigned int)) -@@ -428,7 +435,11 @@ ParsePixels( - colidx[(unsigned char)colorTable[a].string[0]] = a + 1; - - for (y = 0; y < height; y++) { -- xpmNextString(data); -+ ErrorStatus = xpmNextString(data); -+ if (ErrorStatus != XpmSuccess) { -+ XpmFree(iptr2); -+ return (ErrorStatus); -+ } - for (x = 0; x < width; x++, iptr++) { - int c = xpmGetC(data); - -@@ -475,7 +486,11 @@ do \ - } - - for (y = 0; y < height; y++) { -- xpmNextString(data); -+ ErrorStatus = xpmNextString(data); -+ if (ErrorStatus != XpmSuccess) { -+ XpmFree(iptr2); -+ return (ErrorStatus); -+ } - for (x = 0; x < width; x++, iptr++) { - int cc1 = xpmGetC(data); - if (cc1 > 0 && cc1 < 256) { -@@ -515,7 +530,11 @@ do \ - xpmHashAtom *slot; - - for (y = 0; y < height; y++) { -- xpmNextString(data); -+ ErrorStatus = xpmNextString(data); -+ if (ErrorStatus != XpmSuccess) { -+ XpmFree(iptr2); -+ return (ErrorStatus); -+ } - for (x = 0; x < width; x++, iptr++) { - for (a = 0, s = buf; a < cpp; a++, s++) { - int c = xpmGetC(data); -@@ -535,7 +554,11 @@ do \ - } - } else { - for (y = 0; y < height; y++) { -- xpmNextString(data); -+ ErrorStatus = xpmNextString(data); -+ if (ErrorStatus != XpmSuccess) { -+ XpmFree(iptr2); -+ return (ErrorStatus); -+ } - for (x = 0; x < width; x++, iptr++) { - for (a = 0, s = buf; a < cpp; a++, s++) { - int c = xpmGetC(data); --- -2.39.0 - diff --git a/SOURCES/0003-Prevent-a-double-free-in-the-error-code-path.patch b/SOURCES/0003-Prevent-a-double-free-in-the-error-code-path.patch deleted file mode 100644 index 50bfdd1..0000000 --- a/SOURCES/0003-Prevent-a-double-free-in-the-error-code-path.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 7cc2c568412ec63cc5efeec8edbdfc300c09835c Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb -Date: Thu, 12 Jan 2023 15:05:39 +1000 -Subject: [PATCH libXpm 3/5] Prevent a double free in the error code path - -xpmParseDataAndCreate() calls XDestroyImage() in the error path. -Reproducible with sxpm "zero-width.xpm", that file is in the test/ -directory. - -The same approach is needed in the bytes_per_line == 0 condition though -here it just plugs a memory leak. ---- - src/create.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/src/create.c b/src/create.c -index a750846..0f3735c 100644 ---- a/src/create.c -+++ b/src/create.c -@@ -994,11 +994,15 @@ CreateXImage( - #if !defined(FOR_MSW) && !defined(AMIGA) - if (height != 0 && (*image_return)->bytes_per_line >= INT_MAX / height) { - XDestroyImage(*image_return); -+ *image_return = NULL; - return XpmNoMemory; - } - /* now that bytes_per_line must have been set properly alloc data */ -- if((*image_return)->bytes_per_line == 0 || height == 0) -+ if((*image_return)->bytes_per_line == 0 || height == 0) { -+ XDestroyImage(*image_return); -+ *image_return = NULL; - return XpmNoMemory; -+ } - (*image_return)->data = - (char *) XpmMalloc((*image_return)->bytes_per_line * height); - --- -2.39.0 - diff --git a/SOURCES/0004-configure-add-disable-open-zfile-instead-of-requirin.patch b/SOURCES/0004-configure-add-disable-open-zfile-instead-of-requirin.patch deleted file mode 100644 index 9937e08..0000000 --- a/SOURCES/0004-configure-add-disable-open-zfile-instead-of-requirin.patch +++ /dev/null @@ -1,95 +0,0 @@ -From d51766c94c6dffa59c087b27b2b20b53ff957b98 Mon Sep 17 00:00:00 2001 -From: Alan Coopersmith -Date: Thu, 5 Jan 2023 15:42:36 -0800 -Subject: [PATCH libXpm 4/5] configure: add --disable-open-zfile instead of - requiring -DNO_ZPIPE - -Documents the two compression options in the README, makes their -configure options reflect the interdependency of their implementation, -and makes the configure script report their configuration. - -Signed-off-by: Alan Coopersmith ---- - README | 15 +++++++++++++++ - configure.ac | 36 +++++++++++++++++++++++------------- - 2 files changed, 38 insertions(+), 13 deletions(-) - -diff --git a/README b/README -index 9d14a39..f532bef 100644 ---- a/README -+++ b/README -@@ -23,3 +23,18 @@ For more information on the git code manager, see: - - http://wiki.x.org/wiki/GitPage - -+------------------------------------------------------------------------------ -+ -+libXpm supports two optional features to handle compressed pixmap files. -+ -+--enable-open-zfile makes libXpm recognize file names ending in .Z and .gz -+and open a pipe to the appropriate command to compress the file when writing -+and uncompress the file when reading. This is enabled by default on platforms -+other than MinGW and can be disabled by passing the --disable-open-zfile flag -+to the configure script. -+ -+--enable-stat-zfile make libXpm search for a file name with .Z or .gz added -+if it can't find the file it was asked to open. It relies on the -+--enable-open-zfile feature to open the file, and is enabled by default -+when --enable-open-zfile is enabled, and can be disabled by passing the -+--disable-stat-zfile flag to the configure script. -diff --git a/configure.ac b/configure.ac -index 2feb9ff..4a8d6de 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -48,25 +48,35 @@ if test "x$USE_GETTEXT" = "xyes" ; then - fi - AM_CONDITIONAL(USE_GETTEXT, test "x$USE_GETTEXT" = "xyes") - -+# Optional feature: When a filename ending in .Z or .gz is requested, -+# open a pipe to a newly forked compress/uncompress/gzip/gunzip command to -+# handle it. -+AC_MSG_CHECKING([whether to handle compressed pixmaps]) -+case $host_os in -+ *mingw*) zpipe_default="no" ;; -+ *) zpipe_default="yes" ;; -+esac -+AC_ARG_ENABLE(open-zfile, -+ AS_HELP_STRING([--enable-open-zfile], -+ [Search for files with .Z & .gz extensions automatically @<:@default=auto@:>@]), -+ [OPEN_ZFILE=$enableval], [OPEN_ZFILE=yes]) -+AC_MSG_RESULT([$OPEN_ZFILE]) -+if test x$OPEN_ZFILE = xno ; then -+ AC_DEFINE(NO_ZPIPE, 1, [Define to 1 to disable decompression via pipes]) -+fi -+ - # Optional feature: When ___.xpm is requested, also look for ___.xpm.Z & .gz - # Replaces ZFILEDEF = -DSTAT_ZFILE in old Imakefile -+AC_MSG_CHECKING([whether to search for compressed pixmaps]) - AC_ARG_ENABLE(stat-zfile, -- AS_HELP_STRING([--enable-stat-zfile], -- [Search for files with .Z & .gz extensions automatically @<:@default=yes@:>@]), -- [STAT_ZFILE=$enableval], [STAT_ZFILE=yes]) -+ AS_HELP_STRING([--enable-stat-zfile], -+ [Search for files with .Z & .gz extensions automatically @<:@default=auto@:>@]), -+ [STAT_ZFILE=$enableval], [STAT_ZFILE=$OPEN_ZFILE]) -+AC_MSG_RESULT([$STAT_ZFILE]) - if test x$STAT_ZFILE = xyes ; then -- AC_DEFINE(STAT_ZFILE, 1, [Define to 1 to automatically look for files with .Z & .gz extensions]) -+ AC_DEFINE(STAT_ZFILE, 1, [Define to 1 to automatically look for files with .Z & .gz extensions]) - fi - -- --case $host_os in -- *mingw*) -- AC_DEFINE(NO_ZPIPE, 1, [Define to 1 to disable decompression via pipes]) -- ;; -- *) -- ;; --esac -- - AC_CONFIG_FILES([Makefile - doc/Makefile - include/Makefile --- -2.39.0 - diff --git a/SOURCES/0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch b/SOURCES/0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch deleted file mode 100644 index 2effee5..0000000 --- a/SOURCES/0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch +++ /dev/null @@ -1,144 +0,0 @@ -From 66854ee1d187095186ae718979baf771c177002a Mon Sep 17 00:00:00 2001 -From: Alan Coopersmith -Date: Fri, 6 Jan 2023 12:50:48 -0800 -Subject: [PATCH libXpm 5/5] Fix CVE-2022-4883: compression commands depend on - $PATH - -By default, on all platforms except MinGW, libXpm will detect if a -filename ends in .Z or .gz, and will when reading such a file fork off -an uncompress or gunzip command to read from via a pipe, and when -writing such a file will fork off a compress or gzip command to write -to via a pipe. - -In libXpm 3.5.14 or older these are run via execlp(), relying on $PATH -to find the commands. If libXpm is called from a program running with -raised privileges, such as via setuid, then a malicious user could set -$PATH to include programs of their choosing to be run with those -privileges. - -Signed-off-by: Alan Coopersmith ---- - README | 12 ++++++++++++ - configure.ac | 14 ++++++++++++++ - src/RdFToI.c | 17 ++++++++++++++--- - src/WrFFrI.c | 4 ++-- - 4 files changed, 42 insertions(+), 5 deletions(-) - -diff --git a/README b/README -index f532bef..c7d6dbf 100644 ---- a/README -+++ b/README -@@ -38,3 +38,15 @@ if it can't find the file it was asked to open. It relies on the - --enable-open-zfile feature to open the file, and is enabled by default - when --enable-open-zfile is enabled, and can be disabled by passing the - --disable-stat-zfile flag to the configure script. -+ -+All of these commands will be executed with whatever userid & privileges the -+function is called with, relying on the caller to ensure the correct euid, -+egid, etc. are set before calling. -+ -+To reduce risk, the paths to these commands are now set at configure time to -+the first version found in the PATH used to run configure, and do not depend -+on the PATH environment variable set at runtime. -+ -+To specify paths to be used for these commands instead of searching $PATH, pass -+the XPM_PATH_COMPRESS, XPM_PATH_UNCOMPRESS, XPM_PATH_GZIP, and XPM_PATH_GUNZIP -+variables to the configure command. -diff --git a/configure.ac b/configure.ac -index 4a8d6de..c1da348 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -48,6 +48,14 @@ if test "x$USE_GETTEXT" = "xyes" ; then - fi - AM_CONDITIONAL(USE_GETTEXT, test "x$USE_GETTEXT" = "xyes") - -+dnl Helper macro to find absolute path to program and add a #define for it -+AC_DEFUN([XPM_PATH_PROG],[ -+AC_PATH_PROG([$1], [$2], []) -+AS_IF([test "x$$1" = "x"], -+ [AC_MSG_ERROR([$2 not found, set $1 or use --disable-stat-zfile])]) -+AC_DEFINE_UNQUOTED([$1], ["$$1"], [Path to $2]) -+]) dnl End of AC_DEFUN([XPM_PATH_PROG]... -+ - # Optional feature: When a filename ending in .Z or .gz is requested, - # open a pipe to a newly forked compress/uncompress/gzip/gunzip command to - # handle it. -@@ -63,6 +71,12 @@ AC_ARG_ENABLE(open-zfile, - AC_MSG_RESULT([$OPEN_ZFILE]) - if test x$OPEN_ZFILE = xno ; then - AC_DEFINE(NO_ZPIPE, 1, [Define to 1 to disable decompression via pipes]) -+else -+ XPM_PATH_PROG([XPM_PATH_COMPRESS], [compress]) -+ XPM_PATH_PROG([XPM_PATH_UNCOMPRESS], [uncompress]) -+ XPM_PATH_PROG([XPM_PATH_GZIP], [gzip]) -+ XPM_PATH_PROG([XPM_PATH_GUNZIP], [gunzip]) -+ AC_CHECK_FUNCS([closefrom close_range], [break]) - fi - - # Optional feature: When ___.xpm is requested, also look for ___.xpm.Z & .gz -diff --git a/src/RdFToI.c b/src/RdFToI.c -index bd09611..a91d337 100644 ---- a/src/RdFToI.c -+++ b/src/RdFToI.c -@@ -43,6 +43,7 @@ - #include - #include - #include -+#include - #else - #ifdef FOR_MSW - #include -@@ -161,7 +162,17 @@ xpmPipeThrough( - goto err; - if ( 0 == pid ) - { -- execlp(cmd, cmd, arg1, (char *)NULL); -+#ifdef HAVE_CLOSEFROM -+ closefrom(3); -+#elif defined(HAVE_CLOSE_RANGE) -+# ifdef CLOSE_RANGE_UNSHARE -+# define close_range_flags CLOSE_RANGE_UNSHARE -+# else -+# define close_range_flags 0 -+#endif -+ close_range(3, ~0U, close_range_flags); -+#endif -+ execl(cmd, cmd, arg1, (char *)NULL); - perror(cmd); - goto err; - } -@@ -235,12 +246,12 @@ OpenReadFile( - if ( ext && !strcmp(ext, ".Z") ) - { - mdata->type = XPMPIPE; -- mdata->stream.file = xpmPipeThrough(fd, "uncompress", "-c", "r"); -+ mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_UNCOMPRESS, "-c", "r"); - } - else if ( ext && !strcmp(ext, ".gz") ) - { - mdata->type = XPMPIPE; -- mdata->stream.file = xpmPipeThrough(fd, "gunzip", "-qc", "r"); -+ mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_GUNZIP, "-qc", "r"); - } - else - #endif /* z-files */ -diff --git a/src/WrFFrI.c b/src/WrFFrI.c -index 067c96b..bc38f66 100644 ---- a/src/WrFFrI.c -+++ b/src/WrFFrI.c -@@ -336,10 +336,10 @@ OpenWriteFile( - #ifndef NO_ZPIPE - len = strlen(filename); - if (len > 2 && !strcmp(".Z", filename + (len - 2))) { -- mdata->stream.file = xpmPipeThrough(fd, "compress", NULL, "w"); -+ mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_COMPRESS, NULL, "w"); - mdata->type = XPMPIPE; - } else if (len > 3 && !strcmp(".gz", filename + (len - 3))) { -- mdata->stream.file = xpmPipeThrough(fd, "gzip", "-q", "w"); -+ mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_GZIP, "-q", "w"); - mdata->type = XPMPIPE; - } else - #endif --- -2.39.0 - diff --git a/SOURCES/0006-Use-gzip-d-instead-of-gunzip.patch b/SOURCES/0006-Use-gzip-d-instead-of-gunzip.patch deleted file mode 100644 index 703ed21..0000000 --- a/SOURCES/0006-Use-gzip-d-instead-of-gunzip.patch +++ /dev/null @@ -1,67 +0,0 @@ -From 8b52b950360cd7224f504f294997f3a9d7e18b91 Mon Sep 17 00:00:00 2001 -From: Peter Hutterer -Date: Mon, 16 Jan 2023 19:44:52 +1000 -Subject: [PATCH libXpm] Use gzip -d instead of gunzip - -GNU gunzip [1] is a shell script that exec's `gzip -d`. Even if we call -/usr/bin/gunzip with the correct built-in path, the actual gzip call -will use whichever gzip it finds first, making our patch pointless. - -Fix this by explicitly calling gzip -d instead. - -https://git.savannah.gnu.org/cgit/gzip.git/tree/gunzip.in -Signed-off-by: Peter Hutterer ---- - README | 2 +- - configure.ac | 3 +-- - src/RdFToI.c | 2 +- - 3 files changed, 3 insertions(+), 4 deletions(-) - -diff --git a/README b/README -index c7d6dbf..d4c7212 100644 ---- a/README -+++ b/README -@@ -48,5 +48,5 @@ the first version found in the PATH used to run configure, and do not depend - on the PATH environment variable set at runtime. - - To specify paths to be used for these commands instead of searching $PATH, pass --the XPM_PATH_COMPRESS, XPM_PATH_UNCOMPRESS, XPM_PATH_GZIP, and XPM_PATH_GUNZIP -+the XPM_PATH_COMPRESS, XPM_PATH_UNCOMPRESS, and XPM_PATH_GZIP - variables to the configure command. -diff --git a/configure.ac b/configure.ac -index c1da348..74d9856 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -57,7 +57,7 @@ AC_DEFINE_UNQUOTED([$1], ["$$1"], [Path to $2]) - ]) dnl End of AC_DEFUN([XPM_PATH_PROG]... - - # Optional feature: When a filename ending in .Z or .gz is requested, --# open a pipe to a newly forked compress/uncompress/gzip/gunzip command to -+# open a pipe to a newly forked compress/uncompress/gzip command to - # handle it. - AC_MSG_CHECKING([whether to handle compressed pixmaps]) - case $host_os in -@@ -75,7 +75,6 @@ else - XPM_PATH_PROG([XPM_PATH_COMPRESS], [compress]) - XPM_PATH_PROG([XPM_PATH_UNCOMPRESS], [uncompress]) - XPM_PATH_PROG([XPM_PATH_GZIP], [gzip]) -- XPM_PATH_PROG([XPM_PATH_GUNZIP], [gunzip]) - AC_CHECK_FUNCS([closefrom close_range], [break]) - fi - -diff --git a/src/RdFToI.c b/src/RdFToI.c -index a91d337..141c485 100644 ---- a/src/RdFToI.c -+++ b/src/RdFToI.c -@@ -251,7 +251,7 @@ OpenReadFile( - else if ( ext && !strcmp(ext, ".gz") ) - { - mdata->type = XPMPIPE; -- mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_GUNZIP, "-qc", "r"); -+ mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_GZIP, "-dqc", "r"); - } - else - #endif /* z-files */ --- -2.39.0 - diff --git a/SPECS/libXpm.spec b/libXpm.spec similarity index 51% rename from SPECS/libXpm.spec rename to libXpm.spec index cc50957..6a1de55 100644 --- a/SPECS/libXpm.spec +++ b/libXpm.spec @@ -1,41 +1,23 @@ Summary: X.Org X11 libXpm runtime library Name: libXpm -Version: 3.5.12 -Release: 11%{?dist} -License: MIT -Group: System Environment/Libraries +Version: 3.5.17 +Release: 5%{?dist} +License: MIT AND X11-distribute-modifications-variant URL: http://www.x.org -Source0: https://www.x.org/pub/individual/lib/%{name}-%{version}.tar.bz2 +Source0: https://www.x.org/pub/individual/lib/%{name}-%{version}.tar.xz BuildRequires: xorg-x11-util-macros -BuildRequires: autoconf automake libtool +BuildRequires: autoconf automake libtool make BuildRequires: gettext BuildRequires: pkgconfig(xext) pkgconfig(xt) pkgconfig(xau) BuildRequires: ncompress gzip -Patch0: 0001-After-fdopen-use-fclose-instead-of-close-in-error-pa.patch - -# CVE-2022-46285 -Patch0001: 0001-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch -# CVE-2022-44617 -Patch0002: 0002-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch -Patch0003: 0003-Prevent-a-double-free-in-the-error-code-path.patch -# CVE-2022-4883 -Patch0004: 0004-configure-add-disable-open-zfile-instead-of-requirin.patch -Patch0005: 0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch -Patch0006: 0006-Use-gzip-d-instead-of-gunzip.patch -# CVE-2023-43788 -Patch0007: 0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch -# CVE-2023-43789 -Patch0008: 0001-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch - %description X.Org X11 libXpm runtime library %package devel Summary: X.Org X11 libXpm development package -Group: Development/Libraries Requires: %{name} = %{version}-%{release} %description devel @@ -43,15 +25,6 @@ X.Org X11 libXpm development package %prep %setup -q -%patch0 -p1 -b .covscan -%patch0001 -p1 -%patch0002 -p1 -%patch0003 -p1 -%patch0004 -p1 -%patch0005 -p1 -%patch0006 -p1 -%patch0007 -p1 -%patch0008 -p1 %build autoreconf -v --install --force @@ -80,29 +53,76 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %{_includedir}/X11/xpm.h %{_libdir}/libXpm.so %{_libdir}/pkgconfig/xpm.pc -#%dir %{_mandir}/man1x %{_mandir}/man1/*.1* -#%{_mandir}/man1/*.1x* +%{_mandir}/man3/*.3* %changelog -* Wed Oct 11 2023 José Expósito - 3.5.12-11 -- Drop hardening patches from previous version to keep ABI compatibility +* Tue Oct 29 2024 Troy Dawson - 3.5.17-5 +- Bump release for October 2024 mass rebuild: + Resolves: RHEL-64018 -* Wed Oct 11 2023 José Expósito - 3.5.12-10 -- CVE-2023-43786 libX11: stack exhaustion from infinite recursion - in PutSubImage() -- CVE-2023-43787 libX11: integer overflow in XCreateImage() leading to - a heap overflow -- CVE-2023-43788 libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() -- CVE-2023-43789 libXpm: out of bounds read on XPM with corrupted colormap +* Mon Jun 24 2024 Troy Dawson - 3.5.17-4 +- Bump release for June 2024 mass rebuild -* Mon Jan 16 2023 Peter Hutterer - 3.5.12-9 -- Fix CVE-2022-46285: infinite loop on unclosed comments (#2160229) -- Fix CVE-2022-44617: runaway loop with width of 0 (#2160231) -- Fix CVE-2022-4883: compression depends on $PATH (#2160239) +* Thu Jan 25 2024 Fedora Release Engineering - 3.5.17-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -* Mon Dec 09 2019 Benjamin Tissoires 3.5.12-8 -- add covscan fixes (#1602606) +* Sun Jan 21 2024 Fedora Release Engineering - 3.5.17-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Oct 05 2023 Peter Hutterer - 3.5.17-1 +- libXpm 3.5.17 + +* Wed Sep 06 2023 Benjamin Tissoires - 3.5.15-5 +- SPDX migration + +* Thu Jul 20 2023 Fedora Release Engineering - 3.5.15-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Thu Jan 19 2023 Fedora Release Engineering - 3.5.15-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Wed Jan 18 2023 Peter Hutterer - 3.5.15-2 +- Add missing BuildRequires + +* Wed Jan 18 2023 Peter Hutterer - 3.5.15-1 +- libXpm 3.5.15, fixes CVE-2022-46285, CVE-2022-44617, CVE-2022-4883 + +* Wed Jan 11 2023 Peter Hutterer - 3.5.14-1 +- libXpm 3.5.14 + +* Thu Jul 21 2022 Fedora Release Engineering - 3.5.13-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Thu Jan 20 2022 Fedora Release Engineering - 3.5.13-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Thu Jul 22 2021 Fedora Release Engineering - 3.5.13-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Tue Jan 26 2021 Fedora Release Engineering - 3.5.13-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Jan 05 2021 Peter Hutterer 3.5.13-4 +- Add make to BuildRequires + +* Tue Jul 28 2020 Fedora Release Engineering - 3.5.13-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jan 29 2020 Fedora Release Engineering - 3.5.13-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Dec 13 2019 Peter Hutterer 3.5.13-1 +- libXpm 3.5.13 + +* Thu Jul 25 2019 Fedora Release Engineering - 3.5.12-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri Feb 01 2019 Fedora Release Engineering - 3.5.12-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Fri Jul 13 2018 Fedora Release Engineering - 3.5.12-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Thu Jul 05 2018 Adam Jackson - 3.5.12-7 - Drop useless %%defattr diff --git a/sources b/sources new file mode 100644 index 0000000..73c1056 --- /dev/null +++ b/sources @@ -0,0 +1 @@ +SHA512 (libXpm-3.5.17.tar.xz) = 52f9d2664a47a26c1a6ad65d18867de870b66947b0b0d99cca3512756a0aaa6ce2a245c0b49f20b70c3ce48bf04c47c333e8119a147465c277bca727f6ab017e