Compare commits
2 Commits
26bebc42c1
...
7adab251d4
Author | SHA1 | Date | |
---|---|---|---|
|
7adab251d4 | ||
|
e0faa01689 |
1
.motif.metadata
Normal file
1
.motif.metadata
Normal file
@ -0,0 +1 @@
|
|||||||
|
49ecfe2a0939232ca78ce318d938044e7f751b6d motif-2.3.4-src.tgz
|
54
0001-EditresCom-Fix-build-with-modern-systems.patch
Normal file
54
0001-EditresCom-Fix-build-with-modern-systems.patch
Normal file
@ -0,0 +1,54 @@
|
|||||||
|
From 591ae206f83a359a590090524c286cb03e5c2494 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Olivier Fourdan <ofourdan@redhat.com>
|
||||||
|
Date: Tue, 6 Sep 2022 17:39:19 +0200
|
||||||
|
Subject: [PATCH] EditresCom: Fix build with modern systems.
|
||||||
|
|
||||||
|
The code in _XtGetStringValues() depends on the LONG_BIT define.
|
||||||
|
|
||||||
|
However, modern system require -D_XOPEN_SOURCE to set LONG_BIT, so with
|
||||||
|
the current code as it is, LONG_BIT is not defined (from limits.h) and
|
||||||
|
the build wrongly assumes this is a 32bit build.
|
||||||
|
|
||||||
|
Unfortunately, defining _XOPEN_SOURCE to have LONG_BIT set would disable
|
||||||
|
the definition of caddr_t, a deprecated definition inherited from BSD,
|
||||||
|
so we also need to replace that with a simple cast to (long *).
|
||||||
|
|
||||||
|
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
|
||||||
|
---
|
||||||
|
lib/Xm/EditresCom.c | 6 +++++-
|
||||||
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/lib/Xm/EditresCom.c b/lib/Xm/EditresCom.c
|
||||||
|
index 4114ff8b..c93d6844 100644
|
||||||
|
--- a/lib/Xm/EditresCom.c
|
||||||
|
+++ b/lib/Xm/EditresCom.c
|
||||||
|
@@ -43,6 +43,9 @@ in this Software without prior written authorization from the X Consortium.
|
||||||
|
#include <config.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+#ifndef _XOPEN_SOURCE
|
||||||
|
+#define _XOPEN_SOURCE 700
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
#include <X11/IntrinsicP.h> /* To get into the composite and core widget
|
||||||
|
structures. */
|
||||||
|
@@ -59,6 +62,7 @@ in this Software without prior written authorization from the X Consortium.
|
||||||
|
#include <X11/Xmd.h>
|
||||||
|
|
||||||
|
#include <stdio.h>
|
||||||
|
+#include <limits.h>
|
||||||
|
|
||||||
|
#define _XEditResPutBool _XEditResPut8
|
||||||
|
#define _XEditResPutResourceType _XEditResPut8
|
||||||
|
@@ -1608,7 +1612,7 @@ _XtGetStringValues(Widget w, Arg *warg, int numargs)
|
||||||
|
old_handler = XtAppSetWarningMsgHandler(XtWidgetToApplicationContext(w),
|
||||||
|
EditResCvtWarningHandler);
|
||||||
|
from.size = res->resource_size;
|
||||||
|
- from.addr = (caddr_t)&value;
|
||||||
|
+ from.addr = (void *)&value;
|
||||||
|
to.addr = NULL;
|
||||||
|
to.size = 0;
|
||||||
|
to_color.addr = NULL;
|
||||||
|
--
|
||||||
|
2.37.3
|
||||||
|
|
@ -0,0 +1,32 @@
|
|||||||
|
From 2fa554b01ef6079a9b35df9332bdc4f139ed67e0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alan Coopersmith <alan.coopersmith@oracle.com>
|
||||||
|
Date: Sat, 29 Apr 2023 17:50:39 -0700
|
||||||
|
Subject: [PATCH] Fix CVE-2023-43788: Out of bounds read in
|
||||||
|
XpmCreateXpmImageFromBuffer
|
||||||
|
|
||||||
|
When the test case for CVE-2022-46285 was run with the Address Sanitizer
|
||||||
|
enabled, it found an out-of-bounds read in ParseComment() when reading
|
||||||
|
from a memory buffer instead of a file, as it continued to look for the
|
||||||
|
closing comment marker past the end of the buffer.
|
||||||
|
|
||||||
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
||||||
|
---
|
||||||
|
lib/Xm/Xpmdata.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/lib/Xm/Xpmdata.c b/lib/Xm/Xpmdata.c
|
||||||
|
index 7524e65..0b0f1f3 100644
|
||||||
|
--- a/lib/Xm/Xpmdata.c
|
||||||
|
+++ b/lib/Xm/Xpmdata.c
|
||||||
|
@@ -108,7 +108,7 @@ ParseComment(xpmData *data)
|
||||||
|
n++;
|
||||||
|
s2++;
|
||||||
|
} while (c == *s2 && *s2 != '\0' && c);
|
||||||
|
- if (*s2 == '\0') {
|
||||||
|
+ if (*s2 == '\0' || c == '\0') {
|
||||||
|
/* this is the end of the comment */
|
||||||
|
notend = 0;
|
||||||
|
mdata->cptr--;
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
@ -0,0 +1,36 @@
|
|||||||
|
From 7e21cb63b9a1ca760a06cc4cd9b19bbc3fcd8f51 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alan Coopersmith <alan.coopersmith@oracle.com>
|
||||||
|
Date: Sat, 29 Apr 2023 18:30:34 -0700
|
||||||
|
Subject: [PATCH] Fix CVE-2023-43789: Out of bounds read on XPM with corrupted
|
||||||
|
colormap
|
||||||
|
|
||||||
|
Found with clang's libfuzzer
|
||||||
|
|
||||||
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
||||||
|
---
|
||||||
|
lib/Xm/Xpmdata.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/Xm/Xpmdata.c b/lib/Xm/Xpmdata.c
|
||||||
|
index 0b0f1f3..6e87455 100644
|
||||||
|
--- a/lib/Xm/Xpmdata.c
|
||||||
|
+++ b/lib/Xm/Xpmdata.c
|
||||||
|
@@ -259,13 +259,13 @@ xpmNextWord(
|
||||||
|
int c;
|
||||||
|
|
||||||
|
if (!mdata->type || mdata->type == XPMBUFFER) {
|
||||||
|
- while (isspace(c = *mdata->cptr) && c != mdata->Eos)
|
||||||
|
+ while ((c = *mdata->cptr) && isspace(c) && (c != mdata->Eos))
|
||||||
|
mdata->cptr++;
|
||||||
|
do {
|
||||||
|
c = *mdata->cptr++;
|
||||||
|
*buf++ = c;
|
||||||
|
n++;
|
||||||
|
- } while (!isspace(c) && c != mdata->Eos && n < buflen);
|
||||||
|
+ } while (c && !isspace(c) && (c != mdata->Eos) && (n < buflen));
|
||||||
|
n--;
|
||||||
|
mdata->cptr--;
|
||||||
|
} else {
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
19
motif.spec
19
motif.spec
@ -1,7 +1,7 @@
|
|||||||
Summary: Run-time libraries and programs
|
Summary: Run-time libraries and programs
|
||||||
Name: motif
|
Name: motif
|
||||||
Version: 2.3.4
|
Version: 2.3.4
|
||||||
Release: 26%{?dist}
|
Release: 28%{?dist}
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
Source: http://downloads.sf.net/motif/motif-%{version}-src.tgz
|
Source: http://downloads.sf.net/motif/motif-%{version}-src.tgz
|
||||||
Source1: xmbind
|
Source1: xmbind
|
||||||
@ -38,6 +38,13 @@ Patch54: motifzone_1612.patch
|
|||||||
|
|
||||||
# FTBFS #1448819
|
# FTBFS #1448819
|
||||||
Patch48: motif-2.3.4-Fix-issues-with-Werror-format-security.patch
|
Patch48: motif-2.3.4-Fix-issues-with-Werror-format-security.patch
|
||||||
|
# rhbz#2125560
|
||||||
|
Patch55: 0001-EditresCom-Fix-build-with-modern-systems.patch
|
||||||
|
|
||||||
|
# CVE-2023-43788
|
||||||
|
Patch56: 0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch
|
||||||
|
# CVE-2023-43789
|
||||||
|
Patch57: 0001-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch
|
||||||
|
|
||||||
Conflicts: lesstif <= 0.92.32-6
|
Conflicts: lesstif <= 0.92.32-6
|
||||||
|
|
||||||
@ -83,6 +90,9 @@ This package contains the static Motif libraries.
|
|||||||
%patch52 -p1 -b .revert-of-motifzone_1565
|
%patch52 -p1 -b .revert-of-motifzone_1565
|
||||||
%patch53 -p1 -b .motifzone_1660
|
%patch53 -p1 -b .motifzone_1660
|
||||||
%patch54 -p1 -b .motifzone_1612
|
%patch54 -p1 -b .motifzone_1612
|
||||||
|
%patch55 -p1 -b .long_bit
|
||||||
|
%patch56 -p1 -b .cve-2023-43788
|
||||||
|
%patch57 -p1 -b .cve-2023-43789
|
||||||
|
|
||||||
%build
|
%build
|
||||||
./autogen.sh
|
./autogen.sh
|
||||||
@ -132,6 +142,13 @@ rm -f %{buildroot}%{_libdir}/*.la
|
|||||||
%{_libdir}/lib*.a
|
%{_libdir}/lib*.a
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Nov 27 2023 José Expósito <jexposit@redhat.com> - 2.3.4-28
|
||||||
|
- Fix CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer()
|
||||||
|
- Fix CVE-2023-43789: out of bounds read on XPM with corrupted colormap
|
||||||
|
|
||||||
|
* Mon Sep 26 2022 Olivier Fourdan <ofourdan@redhat.com> - 2.3.4-27
|
||||||
|
- Fix LONG_BIT definition missing (rhbz#2125560)
|
||||||
|
|
||||||
* Thu May 12 2022 Mika Penttila <mpenttil@redhat.com> - 2.3.4-26
|
* Thu May 12 2022 Mika Penttila <mpenttil@redhat.com> - 2.3.4-26
|
||||||
- Added patches from rhel-7
|
- Added patches from rhel-7
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user