.gitignore

@@ -1 +1 @@
-SOURCES/motif-2.3.4-src.tgz
+/motif-2.3.4-src.tgz

.motif.metadata

@@ -0,0 +1 @@
+49ecfe2a0939232ca78ce318d938044e7f751b6d motif-2.3.4-src.tgz

SOURCES/0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch

@@ -1,32 +0,0 @@
-From 2fa554b01ef6079a9b35df9332bdc4f139ed67e0 Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Sat, 29 Apr 2023 17:50:39 -0700
-Subject: [PATCH] Fix CVE-2023-43788: Out of bounds read in
- XpmCreateXpmImageFromBuffer
-
-When the test case for CVE-2022-46285 was run with the Address Sanitizer
-enabled, it found an out-of-bounds read in ParseComment() when reading
-from a memory buffer instead of a file, as it continued to look for the
-closing comment marker past the end of the buffer.
-
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
----
- lib/Xm/Xpmdata.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/Xm/Xpmdata.c b/lib/Xm/Xpmdata.c
-index 7524e65..0b0f1f3 100644
---- a/lib/Xm/Xpmdata.c
-+++ b/lib/Xm/Xpmdata.c
-@@ -108,7 +108,7 @@ ParseComment(xpmData *data)
- 		n++;
- 		s2++;
- 	    } while (c == *s2 && *s2 != '\0' && c);
--	    if (*s2 == '\0') {
-+	    if (*s2 == '\0' || c == '\0') {
- 		/* this is the end of the comment */
- 		notend = 0;
- 		mdata->cptr--;
--- 
-2.41.0
-

SOURCES/0001-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch

@@ -1,36 +0,0 @@
-From 7e21cb63b9a1ca760a06cc4cd9b19bbc3fcd8f51 Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Sat, 29 Apr 2023 18:30:34 -0700
-Subject: [PATCH] Fix CVE-2023-43789: Out of bounds read on XPM with corrupted
- colormap
-
-Found with clang's libfuzzer
-
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
----
- lib/Xm/Xpmdata.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/lib/Xm/Xpmdata.c b/lib/Xm/Xpmdata.c
-index 0b0f1f3..6e87455 100644
---- a/lib/Xm/Xpmdata.c
-+++ b/lib/Xm/Xpmdata.c
-@@ -259,13 +259,13 @@ xpmNextWord(
-     int c;
- 
-     if (!mdata->type || mdata->type == XPMBUFFER) {
--	while (isspace(c = *mdata->cptr) && c != mdata->Eos)
-+	while ((c = *mdata->cptr) && isspace(c) && (c != mdata->Eos))
- 	    mdata->cptr++;
- 	do {
- 	    c = *mdata->cptr++;
- 	    *buf++ = c;
- 	    n++;
--	} while (!isspace(c) && c != mdata->Eos && n < buflen);
-+	} while (c && !isspace(c) && (c != mdata->Eos) && (n < buflen));
- 	n--;
- 	mdata->cptr--;
-     } else {
--- 
-2.41.0
-

gating.yaml

@@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+  - rhel-9
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: desktop-qe.desktop-ci.tier1-gating.functional}

motif.spec

@@ -1,9 +1,8 @@
 Summary: Run-time libraries and programs
 Name: motif
 Version: 2.3.4
-Release: 20%{?dist}
+Release: 27%{?dist}
 License: LGPLv2+
-Group: System Environment/Libraries
 Source: http://downloads.sf.net/motif/motif-%{version}-src.tgz
 Source1: xmbind
 URL: http://www.motifzone.net/
@@ -12,6 +11,7 @@ Provides: openmotif = %{version}-%{release}
 Requires: xorg-x11-xbitmaps
 Requires: xorg-x11-xinit
 
+BuildRequires: make
 BuildRequires: automake, libtool, autoconf, flex
 # flex static libs have been part of flex for RHEL <= 6 and Fedora <= 12
 %if 0%{?fedora} > 12 || 0%{?rhel} > 6
@@ -29,9 +29,6 @@ Patch43: openMotif-2.3.0-rgbtxt.patch
 Patch45: motif-2.3.4-mwmrc_dir.patch
 Patch46: motif-2.3.4-bindings.patch
 Patch47: openMotif-2.3.0-no_X11R6.patch
-# FTBFS #1448819
-Patch48: motif-2.3.4-Fix-issues-with-Werror-format-security.patch
-
 Patch49: openmotif-2.3.1-rhbz_997241.patch
 Patch50: motif-2.3.5-motifzone_1654.patch
 Patch51: motif-2.3.4-motifzone_1564-88bdce1.patch
@@ -39,11 +36,10 @@ Patch52: revert-of-motifzone_1565.patch
 Patch53: motifzone_1660.patch
 Patch54: motifzone_1612.patch
 
+# FTBFS #1448819
+Patch48: motif-2.3.4-Fix-issues-with-Werror-format-security.patch
+# rhbz#2125560
 Patch55: 0001-EditresCom-Fix-build-with-modern-systems.patch
-# CVE-2023-43788
-Patch56: 0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch
-# CVE-2023-43789
-Patch57: 0001-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch
 
 Conflicts: lesstif <= 0.92.32-6
 
@@ -54,7 +50,6 @@ linked against Motif and the Motif Window Manager mwm.
 
 %package devel
 Summary: Development libraries and header files
-Group: Development/Libraries
 Conflicts: lesstif-devel <= 0.92.32-6
 Requires: %{name}%{?_isa} = %{version}-%{release}
 Requires: libjpeg-devel%{?_isa} libpng-devel%{?_isa}
@@ -69,7 +64,6 @@ header files and also static libraries necessary to build Motif applications.
 
 %package static
 Summary: Static libraries
-Group: Development/Libraries
 Conflicts: lesstif-devel <= 0.92.32-6
 Requires: %{name}-devel%{?_isa} = %{version}-%{release}
 
@@ -85,7 +79,6 @@ This package contains the static Motif libraries.
 %patch46 -p1 -b .bindings
 %patch47 -p1 -b .no_X11R6
 %patch48 -p1 -b .format-security
-
 %patch49 -p1 -b .rhbz_997241
 %patch50 -p1 -b .motifzone_1654
 %patch51 -p1 -b .motifzone_1564-88bdce1
@@ -93,16 +86,10 @@ This package contains the static Motif libraries.
 %patch53 -p1 -b .motifzone_1660
 %patch54 -p1 -b .motifzone_1612
 %patch55 -p1 -b .long_bit
-%patch56 -p1 -b .cve-2023-43788
-%patch57 -p1 -b .cve-2023-43789
 
 %build
-CFLAGS="$RPM_OPT_FLAGS -D_FILE_OFFSET_BITS=64" \
+./autogen.sh
-./autogen.sh --libdir=%{_libdir} --enable-static --enable-xft --enable-jpeg \
+%configure --enable-static --enable-xft --enable-jpeg --enable-png
-   --enable-png
-
-%configure --libdir=%{_libdir} --enable-static --enable-xft --enable-jpeg \
-   --enable-png
 
 make clean %{?_smp_mflags}
 make -C include
@@ -116,11 +103,7 @@ install -m 755 %{SOURCE1} %{buildroot}/etc/X11/xinit/xinitrc.d/xmbind.sh
 
 rm -f %{buildroot}%{_libdir}/*.la
 
-%post -p /sbin/ldconfig
+%ldconfig_scriptlets
-%postun -p /sbin/ldconfig
-
-%clean
-rm -rf %{buildroot}
 
 %files
 %doc COPYING README RELEASE RELNOTES
@@ -152,22 +135,43 @@ rm -rf %{buildroot}
 %{_libdir}/lib*.a
 
 %changelog
-* Mon Nov 27 2023 José Expósito <jexposit@redhat.com> - 2.3.4-20
+* Mon Sep 26 2022 Olivier Fourdan <ofourdan@redhat.com> - 2.3.4-27
-- Fix CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer()
+- Fix LONG_BIT definition missing (rhbz#2125560)
-- Fix CVE-2023-43789: out of bounds read on XPM with corrupted colormap
 
-* Mon Sep 26 2022 Olivier Fourdan <ofourdan@redhat.com> - 2.3.4-19
+* Thu May 12 2022 Mika Penttila <mpenttil@redhat.com> - 2.3.4-26
-- Fix LONG_BIT definition missing (rhbz#2124810)
+- Added patches from rhel-7
 
-* Wed Sep 07 2022 Mika Penttila <mpenttil@redhat.com> - 2.3.4-18
+* Thu Feb 03 2022 Adam Jackson <ajax@redhat.com> - 2.3.4-25
-- Version bump
+- Fix invoking autogen/configure so the default CFLAGS actually get applied
+  Resolves: rhbz#2044881
 
-* Fri Apr 08 2022 Mika Penttila <mpenttil@redhat.com> - 2.3.4-17
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.3.4-24
-- Added forgotten patches and corrected release number
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
 
-* Tue Sep 11 2018 Carlos Soriano <csoriano@redhat.com> - 2.3.4-16
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.3.4-23
-- Fix hardened flags, make sure to always pass LDFLAGS on the spec
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
-- Resolves: RHBZ#1624143
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-22
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-21
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-20
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-19
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-18
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-17
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-16
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
 
 * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-15
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

sources

@@ -0,0 +1 @@
+612bb8127d0d31da6e5474edf8a5c247  motif-2.3.4-src.tgz