Compare commits
No commits in common. "c8" and "imports/c9/motif-2.3.4-26.el9" have entirely different histories.
c8
...
imports/c9
|
@ -0,0 +1 @@
|
|||
49ecfe2a0939232ca78ce318d938044e7f751b6d SOURCES/motif-2.3.4-src.tgz
|
|
@ -1,54 +0,0 @@
|
|||
From 591ae206f83a359a590090524c286cb03e5c2494 Mon Sep 17 00:00:00 2001
|
||||
From: Olivier Fourdan <ofourdan@redhat.com>
|
||||
Date: Tue, 6 Sep 2022 17:39:19 +0200
|
||||
Subject: [PATCH] EditresCom: Fix build with modern systems.
|
||||
|
||||
The code in _XtGetStringValues() depends on the LONG_BIT define.
|
||||
|
||||
However, modern system require -D_XOPEN_SOURCE to set LONG_BIT, so with
|
||||
the current code as it is, LONG_BIT is not defined (from limits.h) and
|
||||
the build wrongly assumes this is a 32bit build.
|
||||
|
||||
Unfortunately, defining _XOPEN_SOURCE to have LONG_BIT set would disable
|
||||
the definition of caddr_t, a deprecated definition inherited from BSD,
|
||||
so we also need to replace that with a simple cast to (long *).
|
||||
|
||||
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
|
||||
---
|
||||
lib/Xm/EditresCom.c | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/Xm/EditresCom.c b/lib/Xm/EditresCom.c
|
||||
index 4114ff8b..c93d6844 100644
|
||||
--- a/lib/Xm/EditresCom.c
|
||||
+++ b/lib/Xm/EditresCom.c
|
||||
@@ -43,6 +43,9 @@ in this Software without prior written authorization from the X Consortium.
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
+#ifndef _XOPEN_SOURCE
|
||||
+#define _XOPEN_SOURCE 700
|
||||
+#endif
|
||||
|
||||
#include <X11/IntrinsicP.h> /* To get into the composite and core widget
|
||||
structures. */
|
||||
@@ -59,6 +62,7 @@ in this Software without prior written authorization from the X Consortium.
|
||||
#include <X11/Xmd.h>
|
||||
|
||||
#include <stdio.h>
|
||||
+#include <limits.h>
|
||||
|
||||
#define _XEditResPutBool _XEditResPut8
|
||||
#define _XEditResPutResourceType _XEditResPut8
|
||||
@@ -1608,7 +1612,7 @@ _XtGetStringValues(Widget w, Arg *warg, int numargs)
|
||||
old_handler = XtAppSetWarningMsgHandler(XtWidgetToApplicationContext(w),
|
||||
EditResCvtWarningHandler);
|
||||
from.size = res->resource_size;
|
||||
- from.addr = (caddr_t)&value;
|
||||
+ from.addr = (void *)&value;
|
||||
to.addr = NULL;
|
||||
to.size = 0;
|
||||
to_color.addr = NULL;
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -1,32 +0,0 @@
|
|||
From 2fa554b01ef6079a9b35df9332bdc4f139ed67e0 Mon Sep 17 00:00:00 2001
|
||||
From: Alan Coopersmith <alan.coopersmith@oracle.com>
|
||||
Date: Sat, 29 Apr 2023 17:50:39 -0700
|
||||
Subject: [PATCH] Fix CVE-2023-43788: Out of bounds read in
|
||||
XpmCreateXpmImageFromBuffer
|
||||
|
||||
When the test case for CVE-2022-46285 was run with the Address Sanitizer
|
||||
enabled, it found an out-of-bounds read in ParseComment() when reading
|
||||
from a memory buffer instead of a file, as it continued to look for the
|
||||
closing comment marker past the end of the buffer.
|
||||
|
||||
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
||||
---
|
||||
lib/Xm/Xpmdata.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/Xm/Xpmdata.c b/lib/Xm/Xpmdata.c
|
||||
index 7524e65..0b0f1f3 100644
|
||||
--- a/lib/Xm/Xpmdata.c
|
||||
+++ b/lib/Xm/Xpmdata.c
|
||||
@@ -108,7 +108,7 @@ ParseComment(xpmData *data)
|
||||
n++;
|
||||
s2++;
|
||||
} while (c == *s2 && *s2 != '\0' && c);
|
||||
- if (*s2 == '\0') {
|
||||
+ if (*s2 == '\0' || c == '\0') {
|
||||
/* this is the end of the comment */
|
||||
notend = 0;
|
||||
mdata->cptr--;
|
||||
--
|
||||
2.41.0
|
||||
|
|
@ -1,36 +0,0 @@
|
|||
From 7e21cb63b9a1ca760a06cc4cd9b19bbc3fcd8f51 Mon Sep 17 00:00:00 2001
|
||||
From: Alan Coopersmith <alan.coopersmith@oracle.com>
|
||||
Date: Sat, 29 Apr 2023 18:30:34 -0700
|
||||
Subject: [PATCH] Fix CVE-2023-43789: Out of bounds read on XPM with corrupted
|
||||
colormap
|
||||
|
||||
Found with clang's libfuzzer
|
||||
|
||||
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
||||
---
|
||||
lib/Xm/Xpmdata.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/lib/Xm/Xpmdata.c b/lib/Xm/Xpmdata.c
|
||||
index 0b0f1f3..6e87455 100644
|
||||
--- a/lib/Xm/Xpmdata.c
|
||||
+++ b/lib/Xm/Xpmdata.c
|
||||
@@ -259,13 +259,13 @@ xpmNextWord(
|
||||
int c;
|
||||
|
||||
if (!mdata->type || mdata->type == XPMBUFFER) {
|
||||
- while (isspace(c = *mdata->cptr) && c != mdata->Eos)
|
||||
+ while ((c = *mdata->cptr) && isspace(c) && (c != mdata->Eos))
|
||||
mdata->cptr++;
|
||||
do {
|
||||
c = *mdata->cptr++;
|
||||
*buf++ = c;
|
||||
n++;
|
||||
- } while (!isspace(c) && c != mdata->Eos && n < buflen);
|
||||
+ } while (c && !isspace(c) && (c != mdata->Eos) && (n < buflen));
|
||||
n--;
|
||||
mdata->cptr--;
|
||||
} else {
|
||||
--
|
||||
2.41.0
|
||||
|
|
@ -1,9 +1,8 @@
|
|||
Summary: Run-time libraries and programs
|
||||
Name: motif
|
||||
Version: 2.3.4
|
||||
Release: 20%{?dist}
|
||||
Release: 26%{?dist}
|
||||
License: LGPLv2+
|
||||
Group: System Environment/Libraries
|
||||
Source: http://downloads.sf.net/motif/motif-%{version}-src.tgz
|
||||
Source1: xmbind
|
||||
URL: http://www.motifzone.net/
|
||||
|
@ -12,6 +11,7 @@ Provides: openmotif = %{version}-%{release}
|
|||
Requires: xorg-x11-xbitmaps
|
||||
Requires: xorg-x11-xinit
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: automake, libtool, autoconf, flex
|
||||
# flex static libs have been part of flex for RHEL <= 6 and Fedora <= 12
|
||||
%if 0%{?fedora} > 12 || 0%{?rhel} > 6
|
||||
|
@ -29,9 +29,6 @@ Patch43: openMotif-2.3.0-rgbtxt.patch
|
|||
Patch45: motif-2.3.4-mwmrc_dir.patch
|
||||
Patch46: motif-2.3.4-bindings.patch
|
||||
Patch47: openMotif-2.3.0-no_X11R6.patch
|
||||
# FTBFS #1448819
|
||||
Patch48: motif-2.3.4-Fix-issues-with-Werror-format-security.patch
|
||||
|
||||
Patch49: openmotif-2.3.1-rhbz_997241.patch
|
||||
Patch50: motif-2.3.5-motifzone_1654.patch
|
||||
Patch51: motif-2.3.4-motifzone_1564-88bdce1.patch
|
||||
|
@ -39,11 +36,8 @@ Patch52: revert-of-motifzone_1565.patch
|
|||
Patch53: motifzone_1660.patch
|
||||
Patch54: motifzone_1612.patch
|
||||
|
||||
Patch55: 0001-EditresCom-Fix-build-with-modern-systems.patch
|
||||
# CVE-2023-43788
|
||||
Patch56: 0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch
|
||||
# CVE-2023-43789
|
||||
Patch57: 0001-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch
|
||||
# FTBFS #1448819
|
||||
Patch48: motif-2.3.4-Fix-issues-with-Werror-format-security.patch
|
||||
|
||||
Conflicts: lesstif <= 0.92.32-6
|
||||
|
||||
|
@ -54,7 +48,6 @@ linked against Motif and the Motif Window Manager mwm.
|
|||
|
||||
%package devel
|
||||
Summary: Development libraries and header files
|
||||
Group: Development/Libraries
|
||||
Conflicts: lesstif-devel <= 0.92.32-6
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
Requires: libjpeg-devel%{?_isa} libpng-devel%{?_isa}
|
||||
|
@ -69,7 +62,6 @@ header files and also static libraries necessary to build Motif applications.
|
|||
|
||||
%package static
|
||||
Summary: Static libraries
|
||||
Group: Development/Libraries
|
||||
Conflicts: lesstif-devel <= 0.92.32-6
|
||||
Requires: %{name}-devel%{?_isa} = %{version}-%{release}
|
||||
|
||||
|
@ -85,24 +77,16 @@ This package contains the static Motif libraries.
|
|||
%patch46 -p1 -b .bindings
|
||||
%patch47 -p1 -b .no_X11R6
|
||||
%patch48 -p1 -b .format-security
|
||||
|
||||
%patch49 -p1 -b .rhbz_997241
|
||||
%patch50 -p1 -b .motifzone_1654
|
||||
%patch51 -p1 -b .motifzone_1564-88bdce1
|
||||
%patch52 -p1 -b .revert-of-motifzone_1565
|
||||
%patch53 -p1 -b .motifzone_1660
|
||||
%patch54 -p1 -b .motifzone_1612
|
||||
%patch55 -p1 -b .long_bit
|
||||
%patch56 -p1 -b .cve-2023-43788
|
||||
%patch57 -p1 -b .cve-2023-43789
|
||||
|
||||
%build
|
||||
CFLAGS="$RPM_OPT_FLAGS -D_FILE_OFFSET_BITS=64" \
|
||||
./autogen.sh --libdir=%{_libdir} --enable-static --enable-xft --enable-jpeg \
|
||||
--enable-png
|
||||
|
||||
%configure --libdir=%{_libdir} --enable-static --enable-xft --enable-jpeg \
|
||||
--enable-png
|
||||
./autogen.sh
|
||||
%configure --enable-static --enable-xft --enable-jpeg --enable-png
|
||||
|
||||
make clean %{?_smp_mflags}
|
||||
make -C include
|
||||
|
@ -116,11 +100,7 @@ install -m 755 %{SOURCE1} %{buildroot}/etc/X11/xinit/xinitrc.d/xmbind.sh
|
|||
|
||||
rm -f %{buildroot}%{_libdir}/*.la
|
||||
|
||||
%post -p /sbin/ldconfig
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
%clean
|
||||
rm -rf %{buildroot}
|
||||
%ldconfig_scriptlets
|
||||
|
||||
%files
|
||||
%doc COPYING README RELEASE RELNOTES
|
||||
|
@ -152,22 +132,40 @@ rm -rf %{buildroot}
|
|||
%{_libdir}/lib*.a
|
||||
|
||||
%changelog
|
||||
* Mon Nov 27 2023 José Expósito <jexposit@redhat.com> - 2.3.4-20
|
||||
- Fix CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer()
|
||||
- Fix CVE-2023-43789: out of bounds read on XPM with corrupted colormap
|
||||
* Thu May 12 2022 Mika Penttila <mpenttil@redhat.com> - 2.3.4-26
|
||||
- Added patches from rhel-7
|
||||
|
||||
* Mon Sep 26 2022 Olivier Fourdan <ofourdan@redhat.com> - 2.3.4-19
|
||||
- Fix LONG_BIT definition missing (rhbz#2124810)
|
||||
* Thu Feb 03 2022 Adam Jackson <ajax@redhat.com> - 2.3.4-25
|
||||
- Fix invoking autogen/configure so the default CFLAGS actually get applied
|
||||
Resolves: rhbz#2044881
|
||||
|
||||
* Wed Sep 07 2022 Mika Penttila <mpenttil@redhat.com> - 2.3.4-18
|
||||
- Version bump
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.3.4-24
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
||||
* Fri Apr 08 2022 Mika Penttila <mpenttil@redhat.com> - 2.3.4-17
|
||||
- Added forgotten patches and corrected release number
|
||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.3.4-23
|
||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||
|
||||
* Tue Sep 11 2018 Carlos Soriano <csoriano@redhat.com> - 2.3.4-16
|
||||
- Fix hardened flags, make sure to always pass LDFLAGS on the spec
|
||||
- Resolves: RHBZ#1624143
|
||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-22
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-21
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-20
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-19
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-18
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-17
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-16
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
||||
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-15
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||
|
|
Loading…
Reference in New Issue