rpms
/
libXpm
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

import libXpm-3.5.13-10.el9

Browse Source
c9-beta imports/c9-beta/libXpm-3.5.13-10.el9
MSVSphere Packaging Team 11 months ago
commit 5027c3eb2e
11 changed files with 785 additions and 0 deletions
Show Stats Download Patch File Download Diff File

1
.gitignore vendored
Unescape View File

@ -0,0 +1 @@
SOURCES/libXpm-3.5.13.tar.bz2

1
.libXpm.metadata
Unescape View File

@ -0,0 +1 @@
38b1a2728adb49f4e255aba1530f51789815ffc4 SOURCES/libXpm-3.5.13.tar.bz2

37
SOURCES/0001-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch
Unescape View File

@ -0,0 +1,37 @@
From c6cd85b7d0a725552a7277748504a33f0fc3e121 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat, 17 Dec 2022 12:23:45 -0800
Subject: [PATCH libXpm 1/6] Fix CVE-2022-46285: Infinite loop on unclosed
comments
When reading XPM images from a file with libXpm 3.5.14 or older, if a
comment in the file is not closed (i.e. a C-style comment starts with
"/*" and is missing the closing "*/"), the ParseComment() function will
loop forever calling getc() to try to read the rest of the comment,
failing to notice that it has returned EOF, which may cause a denial of
service to the calling program.
Reported-by: Marco Ivaldi <raptor@0xdeadbeef.info>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
---
src/data.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/data.c b/src/data.c
index 898889c..bfad4ff 100644
--- a/src/data.c
+++ b/src/data.c
@@ -174,6 +174,10 @@ ParseComment(xpmData *data)
notend = 0;
Ungetc(data, *s, file);
}
+ else if (c == EOF) {
+ /* hit end of file before the end of the comment */
+ return XpmFileInvalid;
+ }
}
return 0;
}
--
2.39.0

32
SOURCES/0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch
Unescape View File

@ -0,0 +1,32 @@
From 2fa554b01ef6079a9b35df9332bdc4f139ed67e0 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat, 29 Apr 2023 17:50:39 -0700
Subject: [PATCH] Fix CVE-2023-43788: Out of bounds read in
XpmCreateXpmImageFromBuffer
When the test case for CVE-2022-46285 was run with the Address Sanitizer
enabled, it found an out-of-bounds read in ParseComment() when reading
from a memory buffer instead of a file, as it continued to look for the
closing comment marker past the end of the buffer.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
---
src/data.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/data.c b/src/data.c
index 7524e65..0b0f1f3 100644
--- a/src/data.c
+++ b/src/data.c
@@ -108,7 +108,7 @@ ParseComment(xpmData *data)
n++;
s2++;
} while (c == *s2 && *s2 != '\0' && c);
- if (*s2 == '\0') {
+ if (*s2 == '\0' || c == '\0') {
/* this is the end of the comment */
notend = 0;
data->cptr--;
--
2.41.0

36
SOURCES/0001-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch
Unescape View File

@ -0,0 +1,36 @@
From 7e21cb63b9a1ca760a06cc4cd9b19bbc3fcd8f51 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat, 29 Apr 2023 18:30:34 -0700
Subject: [PATCH] Fix CVE-2023-43789: Out of bounds read on XPM with corrupted
colormap
Found with clang's libfuzzer
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
---
src/data.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/data.c b/src/data.c
index 0b0f1f3..6e87455 100644
--- a/src/data.c
+++ b/src/data.c
@@ -259,13 +259,13 @@ xpmNextWord(
int c;
if (!data->type || data->type == XPMBUFFER) {
- while (isspace(c = *data->cptr) && c != data->Eos)
+ while ((c = *data->cptr) && isspace(c) && (c != data->Eos))
data->cptr++;
do {
c = *data->cptr++;
*buf++ = c;
n++;
- } while (!isspace(c) && c != data->Eos && n < buflen);
+ } while (c && !isspace(c) && (c != data->Eos) && (n < buflen));
n--;
data->cptr--;
} else {
--
2.41.0

151
SOURCES/0002-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch
Unescape View File

@ -0,0 +1,151 @@
From 0a1959b3b061d2e6d0a512e83035d84e5828f388 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat, 7 Jan 2023 12:44:28 -0800
Subject: [PATCH libXpm 2/6] Fix CVE-2022-44617: Runaway loop with width of 0
and enormous height
When reading XPM images from a file with libXpm 3.5.14 or older, if a
image has a width of 0 and a very large height, the ParsePixels() function
will loop over the entire height calling getc() and ungetc() repeatedly,
or in some circumstances, may loop seemingly forever, which may cause a
denial of service to the calling program when given a small crafted XPM
file to parse.
Closes: #2
Reported-by: Martin Ettl <ettl.martin78@googlemail.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
---
src/data.c | 20 ++++++++++++++------
src/parse.c | 31 +++++++++++++++++++++++++++----
2 files changed, 41 insertions(+), 10 deletions(-)
diff --git a/src/data.c b/src/data.c
index bfad4ff..7524e65 100644
--- a/src/data.c
+++ b/src/data.c
@@ -195,19 +195,23 @@ xpmNextString(xpmData *data)
register char c;
/* get to the end of the current string */
- if (data->Eos)
- while ((c = *data->cptr++) && c != data->Eos);
+ if (data->Eos) {
+ while ((c = *data->cptr++) && c != data->Eos && c != '\0');
+
+ if (c == '\0')
+ return XpmFileInvalid;
+ }
/*
* then get to the beginning of the next string looking for possible
* comment
*/
if (data->Bos) {
- while ((c = *data->cptr++) && c != data->Bos)
+ while ((c = *data->cptr++) && c != data->Bos && c != '\0')
if (data->Bcmt && c == data->Bcmt[0])
ParseComment(data);
} else if (data->Bcmt) { /* XPM2 natural */
- while ((c = *data->cptr++) == data->Bcmt[0])
+ while (((c = *data->cptr++) == data->Bcmt[0]) && c != '\0')
ParseComment(data);
data->cptr--;
}
@@ -216,9 +220,13 @@ xpmNextString(xpmData *data)
FILE *file = data->stream.file;
/* get to the end of the current string */
- if (data->Eos)
+ if (data->Eos) {
while ((c = Getc(data, file)) != data->Eos && c != EOF);
+ if (c == EOF)
+ return XpmFileInvalid;
+ }
+
/*
* then get to the beginning of the next string looking for possible
* comment
@@ -234,7 +242,7 @@ xpmNextString(xpmData *data)
Ungetc(data, c, file);
}
}
- return 0;
+ return XpmSuccess;
}
diff --git a/src/parse.c b/src/parse.c
index 613529e..606789d 100644
--- a/src/parse.c
+++ b/src/parse.c
@@ -427,6 +427,13 @@ ParsePixels(
{
unsigned int *iptr, *iptr2 = NULL; /* found by Egbert Eich */
unsigned int a, x, y;
+ int ErrorStatus;
+
+ if ((width == 0) && (height != 0))
+ return (XpmFileInvalid);
+
+ if ((height == 0) && (width != 0))
+ return (XpmFileInvalid);
if ((height > 0 && width >= UINT_MAX / height) ||
width * height >= UINT_MAX / sizeof(unsigned int))
@@ -464,7 +471,11 @@ ParsePixels(
colidx[(unsigned char)colorTable[a].string[0]] = a + 1;
for (y = 0; y < height; y++) {
- xpmNextString(data);
+ ErrorStatus = xpmNextString(data);
+ if (ErrorStatus != XpmSuccess) {
+ XpmFree(iptr2);
+ return (ErrorStatus);
+ }
for (x = 0; x < width; x++, iptr++) {
int c = xpmGetC(data);
@@ -511,7 +522,11 @@ do \
}
for (y = 0; y < height; y++) {
- xpmNextString(data);
+ ErrorStatus = xpmNextString(data);
+ if (ErrorStatus != XpmSuccess) {
+ XpmFree(iptr2);
+ return (ErrorStatus);
+ }
for (x = 0; x < width; x++, iptr++) {
int cc1 = xpmGetC(data);
if (cc1 > 0 && cc1 < 256) {
@@ -551,7 +566,11 @@ do \
xpmHashAtom *slot;
for (y = 0; y < height; y++) {
- xpmNextString(data);
+ ErrorStatus = xpmNextString(data);
+ if (ErrorStatus != XpmSuccess) {
+ XpmFree(iptr2);
+ return (ErrorStatus);
+ }
for (x = 0; x < width; x++, iptr++) {
for (a = 0, s = buf; a < cpp; a++, s++) {
int c = xpmGetC(data);
@@ -571,7 +590,11 @@ do \
}
} else {
for (y = 0; y < height; y++) {
- xpmNextString(data);
+ ErrorStatus = xpmNextString(data);
+ if (ErrorStatus != XpmSuccess) {
+ XpmFree(iptr2);
+ return (ErrorStatus);
+ }
for (x = 0; x < width; x++, iptr++) {
for (a = 0, s = buf; a < cpp; a++, s++) {
int c = xpmGetC(data);
--
2.39.0

39
SOURCES/0003-Prevent-a-double-free-in-the-error-code-path.patch
Unescape View File

@ -0,0 +1,39 @@
From ad5a88046266478c2c9600f6d8a11ab707cb4c7e Mon Sep 17 00:00:00 2001
From: Matthieu Herrb <matthieu@herrb.eu>
Date: Thu, 12 Jan 2023 15:05:39 +1000
Subject: [PATCH libXpm 3/6] Prevent a double free in the error code path
xpmParseDataAndCreate() calls XDestroyImage() in the error path.
Reproducible with sxpm "zero-width.xpm", that file is in the test/
directory.
The same approach is needed in the bytes_per_line == 0 condition though
here it just plugs a memory leak.
---
src/create.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/create.c b/src/create.c
index a750846..0f3735c 100644
--- a/src/create.c
+++ b/src/create.c
@@ -994,11 +994,15 @@ CreateXImage(
#if !defined(FOR_MSW) && !defined(AMIGA)
if (height != 0 && (*image_return)->bytes_per_line >= INT_MAX / height) {
XDestroyImage(*image_return);
+ *image_return = NULL;
return XpmNoMemory;
}
/* now that bytes_per_line must have been set properly alloc data */
- if((*image_return)->bytes_per_line == 0 || height == 0)
+ if((*image_return)->bytes_per_line == 0 || height == 0) {
+ XDestroyImage(*image_return);
+ *image_return = NULL;
return XpmNoMemory;
+ }
(*image_return)->data =
(char *) XpmMalloc((*image_return)->bytes_per_line * height);
--
2.39.0

95
SOURCES/0004-configure-add-disable-open-zfile-instead-of-requirin.patch
Unescape View File

@ -0,0 +1,95 @@
From 6fd1ea0d559a433aecccb21b63e91776e05a0831 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Thu, 5 Jan 2023 15:42:36 -0800
Subject: [PATCH libXpm 4/6] configure: add --disable-open-zfile instead of
requiring -DNO_ZPIPE
Documents the two compression options in the README, makes their
configure options reflect the interdependency of their implementation,
and makes the configure script report their configuration.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
---
README.md | 15 +++++++++++++++
configure.ac | 36 +++++++++++++++++++++++-------------
2 files changed, 38 insertions(+), 13 deletions(-)
diff --git a/README.md b/README.md
index f661e15..f3f4c93 100644
--- a/README.md
+++ b/README.md
@@ -16,3 +16,18 @@ For patch submission instructions, see:
https://www.x.org/wiki/Development/Documentation/SubmittingPatches
+------------------------------------------------------------------------------
+
+libXpm supports two optional features to handle compressed pixmap files.
+
+--enable-open-zfile makes libXpm recognize file names ending in .Z and .gz
+and open a pipe to the appropriate command to compress the file when writing
+and uncompress the file when reading. This is enabled by default on platforms
+other than MinGW and can be disabled by passing the --disable-open-zfile flag
+to the configure script.
+
+--enable-stat-zfile make libXpm search for a file name with .Z or .gz added
+if it can't find the file it was asked to open. It relies on the
+--enable-open-zfile feature to open the file, and is enabled by default
+when --enable-open-zfile is enabled, and can be disabled by passing the
+--disable-stat-zfile flag to the configure script.
diff --git a/configure.ac b/configure.ac
index 365544b..85e2c73 100644
--- a/configure.ac
+++ b/configure.ac
@@ -49,25 +49,35 @@ if test "x$USE_GETTEXT" = "xyes" ; then
fi
AM_CONDITIONAL(USE_GETTEXT, test "x$USE_GETTEXT" = "xyes")
+# Optional feature: When a filename ending in .Z or .gz is requested,
+# open a pipe to a newly forked compress/uncompress/gzip/gunzip command to
+# handle it.
+AC_MSG_CHECKING([whether to handle compressed pixmaps])
+case $host_os in
+ *mingw*) zpipe_default="no" ;;
+ *) zpipe_default="yes" ;;
+esac
+AC_ARG_ENABLE(open-zfile,
+ AS_HELP_STRING([--enable-open-zfile],
+ [Search for files with .Z & .gz extensions automatically @<:@default=auto@:>@]),
+ [OPEN_ZFILE=$enableval], [OPEN_ZFILE=yes])
+AC_MSG_RESULT([$OPEN_ZFILE])
+if test x$OPEN_ZFILE = xno ; then
+ AC_DEFINE(NO_ZPIPE, 1, [Define to 1 to disable decompression via pipes])
+fi
+
# Optional feature: When ___.xpm is requested, also look for ___.xpm.Z & .gz
# Replaces ZFILEDEF = -DSTAT_ZFILE in old Imakefile
+AC_MSG_CHECKING([whether to search for compressed pixmaps])
AC_ARG_ENABLE(stat-zfile,
- AS_HELP_STRING([--enable-stat-zfile],
- [Search for files with .Z & .gz extensions automatically @<:@default=yes@:>@]),
- [STAT_ZFILE=$enableval], [STAT_ZFILE=yes])
+ AS_HELP_STRING([--enable-stat-zfile],
+ [Search for files with .Z & .gz extensions automatically @<:@default=auto@:>@]),
+ [STAT_ZFILE=$enableval], [STAT_ZFILE=$OPEN_ZFILE])
+AC_MSG_RESULT([$STAT_ZFILE])
if test x$STAT_ZFILE = xyes ; then
- AC_DEFINE(STAT_ZFILE, 1, [Define to 1 to automatically look for files with .Z & .gz extensions])
+ AC_DEFINE(STAT_ZFILE, 1, [Define to 1 to automatically look for files with .Z & .gz extensions])
fi
-
-case $host_os in
- *mingw*)
- AC_DEFINE(NO_ZPIPE, 1, [Define to 1 to disable decompression via pipes])
- ;;
- *)
- ;;
-esac
-
AC_CONFIG_FILES([Makefile
doc/Makefile
include/Makefile
--
2.39.0

144
SOURCES/0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch
Unescape View File

@ -0,0 +1,144 @@
From cdbc3fa8edc5b42391a5f2bfe1a8f6099929acf7 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Fri, 6 Jan 2023 12:50:48 -0800
Subject: [PATCH libXpm 5/6] Fix CVE-2022-4883: compression commands depend on
$PATH
By default, on all platforms except MinGW, libXpm will detect if a
filename ends in .Z or .gz, and will when reading such a file fork off
an uncompress or gunzip command to read from via a pipe, and when
writing such a file will fork off a compress or gzip command to write
to via a pipe.
In libXpm 3.5.14 or older these are run via execlp(), relying on $PATH
to find the commands. If libXpm is called from a program running with
raised privileges, such as via setuid, then a malicious user could set
$PATH to include programs of their choosing to be run with those
privileges.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
---
README.md | 12 ++++++++++++
configure.ac | 14 ++++++++++++++
src/RdFToI.c | 17 ++++++++++++++---
src/WrFFrI.c | 4 ++--
4 files changed, 42 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index f3f4c93..0b1c886 100644
--- a/README.md
+++ b/README.md
@@ -31,3 +31,15 @@ if it can't find the file it was asked to open. It relies on the
--enable-open-zfile feature to open the file, and is enabled by default
when --enable-open-zfile is enabled, and can be disabled by passing the
--disable-stat-zfile flag to the configure script.
+
+All of these commands will be executed with whatever userid & privileges the
+function is called with, relying on the caller to ensure the correct euid,
+egid, etc. are set before calling.
+
+To reduce risk, the paths to these commands are now set at configure time to
+the first version found in the PATH used to run configure, and do not depend
+on the PATH environment variable set at runtime.
+
+To specify paths to be used for these commands instead of searching $PATH, pass
+the XPM_PATH_COMPRESS, XPM_PATH_UNCOMPRESS, XPM_PATH_GZIP, and XPM_PATH_GUNZIP
+variables to the configure command.
diff --git a/configure.ac b/configure.ac
index 85e2c73..4fc370d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -49,6 +49,14 @@ if test "x$USE_GETTEXT" = "xyes" ; then
fi
AM_CONDITIONAL(USE_GETTEXT, test "x$USE_GETTEXT" = "xyes")
+dnl Helper macro to find absolute path to program and add a #define for it
+AC_DEFUN([XPM_PATH_PROG],[
+AC_PATH_PROG([$1], [$2], [])
+AS_IF([test "x$$1" = "x"],
+ [AC_MSG_ERROR([$2 not found, set $1 or use --disable-stat-zfile])])
+AC_DEFINE_UNQUOTED([$1], ["$$1"], [Path to $2])
+]) dnl End of AC_DEFUN([XPM_PATH_PROG]...
+
# Optional feature: When a filename ending in .Z or .gz is requested,
# open a pipe to a newly forked compress/uncompress/gzip/gunzip command to
# handle it.
@@ -64,6 +72,12 @@ AC_ARG_ENABLE(open-zfile,
AC_MSG_RESULT([$OPEN_ZFILE])
if test x$OPEN_ZFILE = xno ; then
AC_DEFINE(NO_ZPIPE, 1, [Define to 1 to disable decompression via pipes])
+else
+ XPM_PATH_PROG([XPM_PATH_COMPRESS], [compress])
+ XPM_PATH_PROG([XPM_PATH_UNCOMPRESS], [uncompress])
+ XPM_PATH_PROG([XPM_PATH_GZIP], [gzip])
+ XPM_PATH_PROG([XPM_PATH_GUNZIP], [gunzip])
+ AC_CHECK_FUNCS([closefrom close_range], [break])
fi
# Optional feature: When ___.xpm is requested, also look for ___.xpm.Z & .gz
diff --git a/src/RdFToI.c b/src/RdFToI.c
index bd09611..a91d337 100644
--- a/src/RdFToI.c
+++ b/src/RdFToI.c
@@ -43,6 +43,7 @@
#include <errno.h>
#include <sys/types.h>
#include <sys/wait.h>
+#include <unistd.h>
#else
#ifdef FOR_MSW
#include <fcntl.h>
@@ -161,7 +162,17 @@ xpmPipeThrough(
goto err;
if ( 0 == pid )
{
- execlp(cmd, cmd, arg1, (char *)NULL);
+#ifdef HAVE_CLOSEFROM
+ closefrom(3);
+#elif defined(HAVE_CLOSE_RANGE)
+# ifdef CLOSE_RANGE_UNSHARE
+# define close_range_flags CLOSE_RANGE_UNSHARE
+# else
+# define close_range_flags 0
+#endif
+ close_range(3, ~0U, close_range_flags);
+#endif
+ execl(cmd, cmd, arg1, (char *)NULL);
perror(cmd);
goto err;
}
@@ -235,12 +246,12 @@ OpenReadFile(
if ( ext && !strcmp(ext, ".Z") )
{
mdata->type = XPMPIPE;
- mdata->stream.file = xpmPipeThrough(fd, "uncompress", "-c", "r");
+ mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_UNCOMPRESS, "-c", "r");
}
else if ( ext && !strcmp(ext, ".gz") )
{
mdata->type = XPMPIPE;
- mdata->stream.file = xpmPipeThrough(fd, "gunzip", "-qc", "r");
+ mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_GUNZIP, "-qc", "r");
}
else
#endif /* z-files */
diff --git a/src/WrFFrI.c b/src/WrFFrI.c
index 328c987..d59098f 100644
--- a/src/WrFFrI.c
+++ b/src/WrFFrI.c
@@ -342,10 +342,10 @@ OpenWriteFile(
#ifndef NO_ZPIPE
len = strlen(filename);
if (len > 2 && !strcmp(".Z", filename + (len - 2))) {
- mdata->stream.file = xpmPipeThrough(fd, "compress", NULL, "w");
+ mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_COMPRESS, NULL, "w");
mdata->type = XPMPIPE;
} else if (len > 3 && !strcmp(".gz", filename + (len - 3))) {
- mdata->stream.file = xpmPipeThrough(fd, "gzip", "-q", "w");
+ mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_GZIP, "-q", "w");
mdata->type = XPMPIPE;
} else
#endif
--
2.39.0

68
SOURCES/0006-Use-gzip-d-instead-of-gunzip.patch
Unescape View File

@ -0,0 +1,68 @@
From 999005133c928c841e98600c00e12d4c05846c91 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Mon, 16 Jan 2023 19:44:52 +1000
Subject: [PATCH libXpm 6/6] Use gzip -d instead of gunzip
GNU gunzip [1] is a shell script that exec's `gzip -d`. Even if we call
/usr/bin/gunzip with the correct built-in path, the actual gzip call
will use whichever gzip it finds first, making our patch pointless.
Fix this by explicitly calling gzip -d instead.
[1] https://git.savannah.gnu.org/cgit/gzip.git/tree/gunzip.in
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
---
README.md | 2 +-
configure.ac | 3 +--
src/RdFToI.c | 2 +-
3 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 0b1c886..d906954 100644
--- a/README.md
+++ b/README.md
@@ -41,5 +41,5 @@ the first version found in the PATH used to run configure, and do not depend
on the PATH environment variable set at runtime.
To specify paths to be used for these commands instead of searching $PATH, pass
-the XPM_PATH_COMPRESS, XPM_PATH_UNCOMPRESS, XPM_PATH_GZIP, and XPM_PATH_GUNZIP
+the XPM_PATH_COMPRESS, XPM_PATH_UNCOMPRESS, and XPM_PATH_GZIP
variables to the configure command.
diff --git a/configure.ac b/configure.ac
index 4fc370d..5535998 100644
--- a/configure.ac
+++ b/configure.ac
@@ -58,7 +58,7 @@ AC_DEFINE_UNQUOTED([$1], ["$$1"], [Path to $2])
]) dnl End of AC_DEFUN([XPM_PATH_PROG]...
# Optional feature: When a filename ending in .Z or .gz is requested,
-# open a pipe to a newly forked compress/uncompress/gzip/gunzip command to
+# open a pipe to a newly forked compress/uncompress/gzip command to
# handle it.
AC_MSG_CHECKING([whether to handle compressed pixmaps])
case $host_os in
@@ -76,7 +76,6 @@ else
XPM_PATH_PROG([XPM_PATH_COMPRESS], [compress])
XPM_PATH_PROG([XPM_PATH_UNCOMPRESS], [uncompress])
XPM_PATH_PROG([XPM_PATH_GZIP], [gzip])
- XPM_PATH_PROG([XPM_PATH_GUNZIP], [gunzip])
AC_CHECK_FUNCS([closefrom close_range], [break])
fi
diff --git a/src/RdFToI.c b/src/RdFToI.c
index a91d337..141c485 100644
--- a/src/RdFToI.c
+++ b/src/RdFToI.c
@@ -251,7 +251,7 @@ OpenReadFile(
else if ( ext && !strcmp(ext, ".gz") )
{
mdata->type = XPMPIPE;
- mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_GUNZIP, "-qc", "r");
+ mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_GZIP, "-dqc", "r");
}
else
#endif /* z-files */
--
2.39.0

181
SPECS/libXpm.spec
Unescape View File

@ -0,0 +1,181 @@
Summary: X.Org X11 libXpm runtime library
Name: libXpm
Version: 3.5.13
Release: 10%{?dist}
License: MIT
URL: http://www.x.org
Source0: https://www.x.org/pub/individual/lib/%{name}-%{version}.tar.bz2
BuildRequires: xorg-x11-util-macros
BuildRequires: autoconf automake libtool make
BuildRequires: gettext
BuildRequires: pkgconfig(xext) pkgconfig(xt) pkgconfig(xau)
BuildRequires: ncompress gzip
# CVE-2022-46285
Patch0001: 0001-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch
# CVE-2022-44617
Patch0002: 0002-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch
Patch0003: 0003-Prevent-a-double-free-in-the-error-code-path.patch
# CVE-2022-4883
Patch0004: 0004-configure-add-disable-open-zfile-instead-of-requirin.patch
Patch0005: 0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch
Patch0006: 0006-Use-gzip-d-instead-of-gunzip.patch
# CVE-2023-43788
Patch0007: 0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch
# CVE-2023-43789
Patch0008: 0001-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch
%description
X.Org X11 libXpm runtime library
%package devel
Summary: X.Org X11 libXpm development package
Requires: %{name} = %{version}-%{release}
%description devel
X.Org X11 libXpm development package
%prep
%setup -q
%patch0001 -p1
%patch0002 -p1
%patch0003 -p1
%patch0004 -p1
%patch0005 -p1
%patch0006 -p1
%patch0007 -p1
%patch0008 -p1
%build
autoreconf -v --install --force
%configure --disable-static
make %{?_smp_mflags}
%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT
# We intentionally don't ship *.la files
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
%ldconfig_post
%ldconfig_postun
%files
%doc AUTHORS COPYING ChangeLog
%{_libdir}/libXpm.so.4
%{_libdir}/libXpm.so.4.11.0
%files devel
%{_bindir}/cxpm
%{_bindir}/sxpm
%{_includedir}/X11/xpm.h
%{_libdir}/libXpm.so
%{_libdir}/pkgconfig/xpm.pc
#%dir %{_mandir}/man1x
%{_mandir}/man1/*.1*
#%{_mandir}/man1/*.1x*
%changelog
* Wed Oct 11 2023 José Expósito <jexposit@redhat.com> - 3.5.13-10
- Drop hardening patches from previous version to keep ABI compatibility
* Wed Oct 11 2023 José Expósito <jexposit@redhat.com> - 3.5.13-9
- CVE-2023-43786 libX11: stack exhaustion from infinite recursion
in PutSubImage()
- CVE-2023-43787 libX11: integer overflow in XCreateImage() leading to
a heap overflow
- CVE-2023-43788 libXpm: out of bounds read in XpmCreateXpmImageFromBuffer()
- CVE-2023-43789 libXpm: out of bounds read on XPM with corrupted colormap
* Mon Jan 16 2023 Peter Hutterer <peter.hutterer@redhat.com> - 3.5.13-8
- Fix CVE-2022-46285: infinite loop on unclosed comments (#2160230)
- Fix CVE-2022-44617: runaway loop with width of 0 (#2160232)
- Fix CVE-2022-4883: compression depends on $PATH (#2160242)
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.5.13-7
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.5.13-6
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.13-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jan 05 2021 Peter Hutterer <peter.hutterer@redhat.com> 3.5.13-4
- Add make to BuildRequires
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.13-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.13-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Dec 13 2019 Peter Hutterer <peter.hutterer@redhat.com> 3.5.13-1
- libXpm 3.5.13
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.12-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.12-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.12-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Jul 05 2018 Adam Jackson <ajax@redhat.com> - 3.5.12-7
- Drop useless %%defattr
* Fri Jun 29 2018 Adam Jackson <ajax@redhat.com> - 3.5.12-6
- Use ldconfig scriptlet macros
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.12-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.12-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.12-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.12-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Thu Jan 05 2017 Benjamin Tissoires <benjamin.tissoires@redhat.com> 3.5.12-1
- libXpm 3.5.12
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.11-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5.11-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5.11-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed Feb 12 2014 Adam Jackson <ajax@redhat.com> 3.5.11-1
- libXpm 3.5.11
- Drop pre-F18 changelog
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5.10-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Mar 07 2013 Peter Hutterer <peter.hutterer@redhat.com> - 3.5.10-4
- autoreconf for aarch64
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5.10-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu Mar 08 2012 Adam Jackson <ajax@redhat.com> 3.5.10-1
- libXpm 3.5.10
Write Preview
Loading…
Cancel
Save