.gitignore

@@ -1 +1 @@
-SOURCES/libXpm-3.5.12.tar.bz2
+/libXpm-*.tar.bz2

.libXpm.metadata

@@ -1 +1 @@
-4e22fefe61714209539b08051b5287bcd9ecfd04 SOURCES/libXpm-3.5.12.tar.bz2
+38b1a2728adb49f4e255aba1530f51789815ffc4 libXpm-3.5.13.tar.bz2

0001-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch

@@ -1,7 +1,7 @@
-From ec75b3393506a6f71a477ac3982b31a48a42c196 Mon Sep 17 00:00:00 2001
+From c6cd85b7d0a725552a7277748504a33f0fc3e121 Mon Sep 17 00:00:00 2001
 From: Alan Coopersmith <alan.coopersmith@oracle.com>
 Date: Sat, 17 Dec 2022 12:23:45 -0800
-Subject: [PATCH libXpm 1/5] Fix CVE-2022-46285: Infinite loop on unclosed
+Subject: [PATCH libXpm 1/6] Fix CVE-2022-46285: Infinite loop on unclosed
  comments
 
 When reading XPM images from a file with libXpm 3.5.14 or older, if a

0002-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch

@@ -1,7 +1,7 @@
-From 52603840b1c5d923cc998335fb651a53d42a036c Mon Sep 17 00:00:00 2001
+From 0a1959b3b061d2e6d0a512e83035d84e5828f388 Mon Sep 17 00:00:00 2001
 From: Alan Coopersmith <alan.coopersmith@oracle.com>
 Date: Sat, 7 Jan 2023 12:44:28 -0800
-Subject: [PATCH libXpm 2/5] Fix CVE-2022-44617: Runaway loop with width of 0
+Subject: [PATCH libXpm 2/6] Fix CVE-2022-44617: Runaway loop with width of 0
  and enormous height
 
 When reading XPM images from a file with libXpm 3.5.14 or older, if a
@@ -77,10 +77,10 @@ index bfad4ff..7524e65 100644
  
  
 diff --git a/src/parse.c b/src/parse.c
-index c19209c..e97d771 100644
+index 613529e..606789d 100644
 --- a/src/parse.c
 +++ b/src/parse.c
-@@ -391,6 +391,13 @@ ParsePixels(
+@@ -427,6 +427,13 @@ ParsePixels(
  {
      unsigned int *iptr, *iptr2 = NULL; /* found by Egbert Eich */
      unsigned int a, x, y;
@@ -94,7 +94,7 @@ index c19209c..e97d771 100644
  
      if ((height > 0 && width >= UINT_MAX / height) ||
  	width * height >= UINT_MAX / sizeof(unsigned int))
-@@ -428,7 +435,11 @@ ParsePixels(
+@@ -464,7 +471,11 @@ ParsePixels(
  		colidx[(unsigned char)colorTable[a].string[0]] = a + 1;
  
  	    for (y = 0; y < height; y++) {
@@ -107,7 +107,7 @@ index c19209c..e97d771 100644
  		for (x = 0; x < width; x++, iptr++) {
  		    int c = xpmGetC(data);
  
-@@ -475,7 +486,11 @@ do \
+@@ -511,7 +522,11 @@ do \
  	    }
  
  	    for (y = 0; y < height; y++) {
@@ -120,7 +120,7 @@ index c19209c..e97d771 100644
  		for (x = 0; x < width; x++, iptr++) {
  		    int cc1 = xpmGetC(data);
  		    if (cc1 > 0 && cc1 < 256) {
-@@ -515,7 +530,11 @@ do \
+@@ -551,7 +566,11 @@ do \
  		xpmHashAtom *slot;
  
  		for (y = 0; y < height; y++) {
@@ -133,7 +133,7 @@ index c19209c..e97d771 100644
  		    for (x = 0; x < width; x++, iptr++) {
  			for (a = 0, s = buf; a < cpp; a++, s++) {
  			    int c = xpmGetC(data);
-@@ -535,7 +554,11 @@ do \
+@@ -571,7 +590,11 @@ do \
  		}
  	    } else {
  		for (y = 0; y < height; y++) {

0003-Prevent-a-double-free-in-the-error-code-path.patch

@@ -1,7 +1,7 @@
-From 7cc2c568412ec63cc5efeec8edbdfc300c09835c Mon Sep 17 00:00:00 2001
+From ad5a88046266478c2c9600f6d8a11ab707cb4c7e Mon Sep 17 00:00:00 2001
 From: Matthieu Herrb <matthieu@herrb.eu>
 Date: Thu, 12 Jan 2023 15:05:39 +1000
-Subject: [PATCH libXpm 3/5] Prevent a double free in the error code path
+Subject: [PATCH libXpm 3/6] Prevent a double free in the error code path
 
 xpmParseDataAndCreate() calls XDestroyImage() in the error path.
 Reproducible with sxpm "zero-width.xpm", that file is in the test/

0004-configure-add-disable-open-zfile-instead-of-requirin.patch

@@ -1,7 +1,7 @@
-From d51766c94c6dffa59c087b27b2b20b53ff957b98 Mon Sep 17 00:00:00 2001
+From 6fd1ea0d559a433aecccb21b63e91776e05a0831 Mon Sep 17 00:00:00 2001
 From: Alan Coopersmith <alan.coopersmith@oracle.com>
 Date: Thu, 5 Jan 2023 15:42:36 -0800
-Subject: [PATCH libXpm 4/5] configure: add --disable-open-zfile instead of
+Subject: [PATCH libXpm 4/6] configure: add --disable-open-zfile instead of
  requiring -DNO_ZPIPE
 
 Documents the two compression options in the README, makes their
@@ -10,17 +10,17 @@ and makes the configure script report their configuration.
 
 Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
 ---
- README       | 15 +++++++++++++++
+ README.md    | 15 +++++++++++++++
  configure.ac | 36 +++++++++++++++++++++++-------------
  2 files changed, 38 insertions(+), 13 deletions(-)
 
-diff --git a/README b/README
+diff --git a/README.md b/README.md
-index 9d14a39..f532bef 100644
+index f661e15..f3f4c93 100644
---- a/README
+--- a/README.md
-+++ b/README
++++ b/README.md
-@@ -23,3 +23,18 @@ For more information on the git code manager, see:
+@@ -16,3 +16,18 @@ For patch submission instructions, see:
  
-         http://wiki.x.org/wiki/GitPage
+   https://www.x.org/wiki/Development/Documentation/SubmittingPatches
  
 +------------------------------------------------------------------------------
 +
@@ -38,10 +38,10 @@ index 9d14a39..f532bef 100644
 +when --enable-open-zfile is enabled, and can be disabled by passing the
 +--disable-stat-zfile flag to the configure script.
 diff --git a/configure.ac b/configure.ac
-index 2feb9ff..4a8d6de 100644
+index 365544b..85e2c73 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -48,25 +48,35 @@ if test "x$USE_GETTEXT" = "xyes" ; then
+@@ -49,25 +49,35 @@ if test "x$USE_GETTEXT" = "xyes" ; then
  fi
  AM_CONDITIONAL(USE_GETTEXT, test "x$USE_GETTEXT" = "xyes")
  

0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch

@@ -1,7 +1,7 @@
-From 66854ee1d187095186ae718979baf771c177002a Mon Sep 17 00:00:00 2001
+From cdbc3fa8edc5b42391a5f2bfe1a8f6099929acf7 Mon Sep 17 00:00:00 2001
 From: Alan Coopersmith <alan.coopersmith@oracle.com>
 Date: Fri, 6 Jan 2023 12:50:48 -0800
-Subject: [PATCH libXpm 5/5] Fix CVE-2022-4883: compression commands depend on
+Subject: [PATCH libXpm 5/6] Fix CVE-2022-4883: compression commands depend on
  $PATH
 
 By default, on all platforms except MinGW, libXpm will detect if a
@@ -18,17 +18,17 @@ privileges.
 
 Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
 ---
- README       | 12 ++++++++++++
+ README.md    | 12 ++++++++++++
  configure.ac | 14 ++++++++++++++
  src/RdFToI.c | 17 ++++++++++++++---
  src/WrFFrI.c |  4 ++--
  4 files changed, 42 insertions(+), 5 deletions(-)
 
-diff --git a/README b/README
+diff --git a/README.md b/README.md
-index f532bef..c7d6dbf 100644
+index f3f4c93..0b1c886 100644
---- a/README
+--- a/README.md
-+++ b/README
++++ b/README.md
-@@ -38,3 +38,15 @@ if it can't find the file it was asked to open.  It relies on the
+@@ -31,3 +31,15 @@ if it can't find the file it was asked to open.  It relies on the
  --enable-open-zfile feature to open the file, and is enabled by default
  when --enable-open-zfile is enabled, and can be disabled by passing the
  --disable-stat-zfile flag to the configure script.
@@ -45,10 +45,10 @@ index f532bef..c7d6dbf 100644
 +the XPM_PATH_COMPRESS, XPM_PATH_UNCOMPRESS, XPM_PATH_GZIP, and XPM_PATH_GUNZIP
 +variables to the configure command.
 diff --git a/configure.ac b/configure.ac
-index 4a8d6de..c1da348 100644
+index 85e2c73..4fc370d 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -48,6 +48,14 @@ if test "x$USE_GETTEXT" = "xyes" ; then
+@@ -49,6 +49,14 @@ if test "x$USE_GETTEXT" = "xyes" ; then
  fi
  AM_CONDITIONAL(USE_GETTEXT, test "x$USE_GETTEXT" = "xyes")
  
@@ -63,7 +63,7 @@ index 4a8d6de..c1da348 100644
  # Optional feature: When a filename ending in .Z or .gz is requested,
  # open a pipe to a newly forked compress/uncompress/gzip/gunzip command to
  # handle it.
-@@ -63,6 +71,12 @@ AC_ARG_ENABLE(open-zfile,
+@@ -64,6 +72,12 @@ AC_ARG_ENABLE(open-zfile,
  AC_MSG_RESULT([$OPEN_ZFILE])
  if test x$OPEN_ZFILE = xno ; then
          AC_DEFINE(NO_ZPIPE, 1, [Define to 1 to disable decompression via pipes])
@@ -123,10 +123,10 @@ index bd09611..a91d337 100644
  	else
  #endif /* z-files */
 diff --git a/src/WrFFrI.c b/src/WrFFrI.c
-index 067c96b..bc38f66 100644
+index 328c987..d59098f 100644
 --- a/src/WrFFrI.c
 +++ b/src/WrFFrI.c
-@@ -336,10 +336,10 @@ OpenWriteFile(
+@@ -342,10 +342,10 @@ OpenWriteFile(
  #ifndef NO_ZPIPE
  	len = strlen(filename);
  	if (len > 2 && !strcmp(".Z", filename + (len - 2))) {

0006-Use-gzip-d-instead-of-gunzip.patch

@@ -1,7 +1,7 @@
-From 8b52b950360cd7224f504f294997f3a9d7e18b91 Mon Sep 17 00:00:00 2001
+From 999005133c928c841e98600c00e12d4c05846c91 Mon Sep 17 00:00:00 2001
 From: Peter Hutterer <peter.hutterer@who-t.net>
 Date: Mon, 16 Jan 2023 19:44:52 +1000
-Subject: [PATCH libXpm] Use gzip -d instead of gunzip
+Subject: [PATCH libXpm 6/6] Use gzip -d instead of gunzip
 
 GNU gunzip [1] is a shell script that exec's `gzip -d`. Even if we call
 /usr/bin/gunzip with the correct built-in path, the actual gzip call
@@ -9,19 +9,20 @@ will use whichever gzip it finds first, making our patch pointless.
 
 Fix this by explicitly calling gzip -d instead.
 
-https://git.savannah.gnu.org/cgit/gzip.git/tree/gunzip.in
+[1] https://git.savannah.gnu.org/cgit/gzip.git/tree/gunzip.in
+
 Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
 ---
- README       | 2 +-
+ README.md    | 2 +-
  configure.ac | 3 +--
  src/RdFToI.c | 2 +-
  3 files changed, 3 insertions(+), 4 deletions(-)
 
-diff --git a/README b/README
+diff --git a/README.md b/README.md
-index c7d6dbf..d4c7212 100644
+index 0b1c886..d906954 100644
---- a/README
+--- a/README.md
-+++ b/README
++++ b/README.md
-@@ -48,5 +48,5 @@ the first version found in the PATH used to run configure, and do not depend
+@@ -41,5 +41,5 @@ the first version found in the PATH used to run configure, and do not depend
  on the PATH environment variable set at runtime.
  
  To specify paths to be used for these commands instead of searching $PATH, pass
@@ -29,10 +30,10 @@ index c7d6dbf..d4c7212 100644
 +the XPM_PATH_COMPRESS, XPM_PATH_UNCOMPRESS, and XPM_PATH_GZIP
  variables to the configure command.
 diff --git a/configure.ac b/configure.ac
-index c1da348..74d9856 100644
+index 4fc370d..5535998 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -57,7 +57,7 @@ AC_DEFINE_UNQUOTED([$1], ["$$1"], [Path to $2])
+@@ -58,7 +58,7 @@ AC_DEFINE_UNQUOTED([$1], ["$$1"], [Path to $2])
  ]) dnl End of AC_DEFUN([XPM_PATH_PROG]...
  
  # Optional feature: When a filename ending in .Z or .gz is requested,
@@ -41,7 +42,7 @@ index c1da348..74d9856 100644
  # handle it.
  AC_MSG_CHECKING([whether to handle compressed pixmaps])
  case $host_os in
-@@ -75,7 +75,6 @@ else
+@@ -76,7 +76,6 @@ else
          XPM_PATH_PROG([XPM_PATH_COMPRESS], [compress])
          XPM_PATH_PROG([XPM_PATH_UNCOMPRESS], [uncompress])
          XPM_PATH_PROG([XPM_PATH_GZIP], [gzip])

SOURCES/0001-After-fdopen-use-fclose-instead-of-close-in-error-pa.patch

@@ -1,40 +0,0 @@
-From e00066fb973a1796dd3989e356e17c8b51add521 Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Sun, 30 Sep 2018 15:09:29 -0700
-Subject: [PATCH 1/3] After fdopen(), use fclose() instead of close() in error
- path
-
-Found by Oracle's Parfait 2.2 static analyzer:
-
-Error: File Leak
-   File Leak [file-ptr-leak]:
-      Leaked File fp
-        at line 94 of lib/libXpm/src/RdFToBuf.c in function 'XpmReadFileToBuffer
-'.
-          fp initialized at line 86 with fdopen
-          fp leaks when len < 0 at line 92.
-
-Introduced-by: commit 8b3024e6871ce50b34bf2dff924774bd654703bc
-
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
----
- src/RdFToBuf.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/RdFToBuf.c b/src/RdFToBuf.c
-index 69e3347d24f2..1b386f81fde3 100644
---- a/src/RdFToBuf.c
-+++ b/src/RdFToBuf.c
-@@ -90,7 +90,7 @@ XpmReadFileToBuffer(
-     }
-     len = stats.st_size;
-     if (len < 0 || len >= SIZE_MAX) {
--	close(fd);
-+	fclose(fp);
- 	return XpmOpenFailed;
-     }
-     ptr = (char *) XpmMalloc(len + 1);
--- 
-2.23.0
-

gating.yaml

@@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+  - rhel-9
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: desktop-qe.desktop-ci.tier1-gating.functional}

libXpm.spec

@@ -1,21 +1,18 @@
 Summary: X.Org X11 libXpm runtime library
 Name: libXpm
-Version: 3.5.12
+Version: 3.5.13
-Release: 11%{?dist}
+Release: 10%{?dist}
 License: MIT
-Group: System Environment/Libraries
 URL: http://www.x.org
 
 Source0: https://www.x.org/pub/individual/lib/%{name}-%{version}.tar.bz2
 
 BuildRequires: xorg-x11-util-macros
-BuildRequires: autoconf automake libtool
+BuildRequires: autoconf automake libtool make
 BuildRequires: gettext
 BuildRequires: pkgconfig(xext) pkgconfig(xt) pkgconfig(xau)
 BuildRequires: ncompress gzip
 
-Patch0: 0001-After-fdopen-use-fclose-instead-of-close-in-error-pa.patch
-
 # CVE-2022-46285
 Patch0001: 0001-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch
 # CVE-2022-44617
@@ -35,7 +32,6 @@ X.Org X11 libXpm runtime library
 
 %package devel
 Summary: X.Org X11 libXpm development package
-Group: Development/Libraries
 Requires: %{name} = %{version}-%{release}
 
 %description devel
@@ -43,7 +39,7 @@ X.Org X11 libXpm development package
 
 %prep
 %setup -q
-%patch0 -p1 -b .covscan
+
 %patch0001 -p1
 %patch0002 -p1
 %patch0003 -p1
@@ -85,10 +81,10 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
 #%{_mandir}/man1/*.1x*
 
 %changelog
-* Wed Oct 11 2023 José Expósito <jexposit@redhat.com> - 3.5.12-11
+* Wed Oct 11 2023 José Expósito <jexposit@redhat.com> - 3.5.13-10
 - Drop hardening patches from previous version to keep ABI compatibility
 
-* Wed Oct 11 2023 José Expósito <jexposit@redhat.com> - 3.5.12-10
+* Wed Oct 11 2023 José Expósito <jexposit@redhat.com> - 3.5.13-9
 - CVE-2023-43786 libX11: stack exhaustion from infinite recursion
   in PutSubImage()
 - CVE-2023-43787 libX11: integer overflow in XCreateImage() leading to
@@ -96,13 +92,41 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
 - CVE-2023-43788 libXpm: out of bounds read in XpmCreateXpmImageFromBuffer()
 - CVE-2023-43789 libXpm: out of bounds read on XPM with corrupted colormap
 
-* Mon Jan 16 2023 Peter Hutterer <peter.hutterer@redhat.com> - 3.5.12-9
+* Mon Jan 16 2023 Peter Hutterer <peter.hutterer@redhat.com> - 3.5.13-8
-- Fix CVE-2022-46285: infinite loop on unclosed comments (#2160229)
+- Fix CVE-2022-46285: infinite loop on unclosed comments (#2160230)
-- Fix CVE-2022-44617: runaway loop with width of 0 (#2160231)
+- Fix CVE-2022-44617: runaway loop with width of 0 (#2160232)
-- Fix CVE-2022-4883: compression depends on $PATH (#2160239)
+- Fix CVE-2022-4883: compression depends on $PATH (#2160242)
 
-* Mon Dec 09 2019 Benjamin Tissoires <benjamin.tissoires@redhat.com> 3.5.12-8
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.5.13-7
-- add covscan fixes (#1602606)
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.5.13-6
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.13-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Jan 05 2021 Peter Hutterer <peter.hutterer@redhat.com> 3.5.13-4
+- Add make to BuildRequires
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.13-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.13-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Fri Dec 13 2019 Peter Hutterer <peter.hutterer@redhat.com> 3.5.13-1
+- libXpm 3.5.13
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.12-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.12-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.12-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 
 * Thu Jul 05 2018 Adam Jackson <ajax@redhat.com> - 3.5.12-7
 - Drop useless %%defattr

sources

@@ -0,0 +1 @@
+SHA512 (libXpm-3.5.13.tar.bz2) = 3b8f6e926272f39b1d95135c2274c00f5aaee1f9fb2ef79f71628df5edeb7ba20158819ef6a778101cc4092493a3b5b613c53634fdccadcc0fc85f0605e5e9a5