From e3cb25ae2365b58ca96aabaed5c0e595b60bee19 Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Wed, 29 Jan 2025 03:05:08 +0300 Subject: [PATCH] import motif-2.3.4-21.el8_10 --- ...88-Out-of-bounds-read-in-XpmCreateXp.patch | 32 ++ ...89-Out-of-bounds-read-on-XPM-with-co.patch | 36 ++ ...uild-Check-for-Xinerama-availability.patch | 61 +++ ...isplay-Add-optional-Xinerama-support.patch | 419 ++++++++++++++++++ ...enuShell-Use-Xinerama-to-place-menus.patch | 119 +++++ ...-DropDown-Use-Xinerama-for-placement.patch | 65 +++ ...Xm-RCMenu-Use-Xinerama-for-placement.patch | 70 +++ ...m-Tooltip-Use-Xinerama-for-placement.patch | 53 +++ ...-ComboBox-Use-Xinerama-for-placement.patch | 51 +++ SPECS/motif.spec | 33 +- 10 files changed, 938 insertions(+), 1 deletion(-) create mode 100644 SOURCES/0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch create mode 100644 SOURCES/0001-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch create mode 100644 SOURCES/0001-build-Check-for-Xinerama-availability.patch create mode 100644 SOURCES/0002-Xm-Display-Add-optional-Xinerama-support.patch create mode 100644 SOURCES/0003-Xm-MenuShell-Use-Xinerama-to-place-menus.patch create mode 100644 SOURCES/0004-Xm-DropDown-Use-Xinerama-for-placement.patch create mode 100644 SOURCES/0005-Xm-RCMenu-Use-Xinerama-for-placement.patch create mode 100644 SOURCES/0006-Xm-Tooltip-Use-Xinerama-for-placement.patch create mode 100644 SOURCES/0007-Xm-ComboBox-Use-Xinerama-for-placement.patch diff --git a/SOURCES/0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch b/SOURCES/0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch new file mode 100644 index 0000000..5ee660d --- /dev/null +++ b/SOURCES/0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch @@ -0,0 +1,32 @@ +From 2fa554b01ef6079a9b35df9332bdc4f139ed67e0 Mon Sep 17 00:00:00 2001 +From: Alan Coopersmith +Date: Sat, 29 Apr 2023 17:50:39 -0700 +Subject: [PATCH] Fix CVE-2023-43788: Out of bounds read in + XpmCreateXpmImageFromBuffer + +When the test case for CVE-2022-46285 was run with the Address Sanitizer +enabled, it found an out-of-bounds read in ParseComment() when reading +from a memory buffer instead of a file, as it continued to look for the +closing comment marker past the end of the buffer. + +Signed-off-by: Alan Coopersmith +--- + lib/Xm/Xpmdata.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/Xm/Xpmdata.c b/lib/Xm/Xpmdata.c +index 7524e65..0b0f1f3 100644 +--- a/lib/Xm/Xpmdata.c ++++ b/lib/Xm/Xpmdata.c +@@ -108,7 +108,7 @@ ParseComment(xpmData *data) + n++; + s2++; + } while (c == *s2 && *s2 != '\0' && c); +- if (*s2 == '\0') { ++ if (*s2 == '\0' || c == '\0') { + /* this is the end of the comment */ + notend = 0; + mdata->cptr--; +-- +2.41.0 + diff --git a/SOURCES/0001-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch b/SOURCES/0001-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch new file mode 100644 index 0000000..292988b --- /dev/null +++ b/SOURCES/0001-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch @@ -0,0 +1,36 @@ +From 7e21cb63b9a1ca760a06cc4cd9b19bbc3fcd8f51 Mon Sep 17 00:00:00 2001 +From: Alan Coopersmith +Date: Sat, 29 Apr 2023 18:30:34 -0700 +Subject: [PATCH] Fix CVE-2023-43789: Out of bounds read on XPM with corrupted + colormap + +Found with clang's libfuzzer + +Signed-off-by: Alan Coopersmith +--- + lib/Xm/Xpmdata.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lib/Xm/Xpmdata.c b/lib/Xm/Xpmdata.c +index 0b0f1f3..6e87455 100644 +--- a/lib/Xm/Xpmdata.c ++++ b/lib/Xm/Xpmdata.c +@@ -259,13 +259,13 @@ xpmNextWord( + int c; + + if (!mdata->type || mdata->type == XPMBUFFER) { +- while (isspace(c = *mdata->cptr) && c != mdata->Eos) ++ while ((c = *mdata->cptr) && isspace(c) && (c != mdata->Eos)) + mdata->cptr++; + do { + c = *mdata->cptr++; + *buf++ = c; + n++; +- } while (!isspace(c) && c != mdata->Eos && n < buflen); ++ } while (c && !isspace(c) && (c != mdata->Eos) && (n < buflen)); + n--; + mdata->cptr--; + } else { +-- +2.41.0 + diff --git a/SOURCES/0001-build-Check-for-Xinerama-availability.patch b/SOURCES/0001-build-Check-for-Xinerama-availability.patch new file mode 100644 index 0000000..3931927 --- /dev/null +++ b/SOURCES/0001-build-Check-for-Xinerama-availability.patch @@ -0,0 +1,61 @@ +From 49791ea9aa84c64af114f564d4c46228263d1439 Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan +Date: Tue, 19 Nov 2024 18:40:33 +0100 +Subject: [PATCH 1/7] build: Check for Xinerama availability + +Signed-off-by: Olivier Fourdan +--- + configure.ac | 22 ++++++++++++++++++++++ + lib/Xm/Makefile.am | 2 +- + 2 files changed, 23 insertions(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index d57f71e6..f0b2617d 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -280,7 +280,29 @@ AC_SUBST(LIB_XP) + AC_FIND_XFT + AC_IMAGE_SUPPORT + ++AC_ARG_ENABLE(xinerama,[ --enable-xinerama Enable Xinerama (default=yes)]) ++if test "x$enable_xinerama" = "x" ++then ++ enable_xinerama="yes" ++fi ++ ++if test "x$enable_xinerama" = "xyes" ++then ++ AC_MSG_CHECKING([for libXinerama]) ++ AC_CHECK_HEADERS(X11/extensions/Xinerama.h, ++ AC_CHECK_LIB(Xinerama, XineramaQueryExtension, ,enable_xinerama="no"), ++ enable_xinerama="no") ++fi ++ ++if test "x$enable_xinerama" = "xyes" ++then ++ LIB_XINERAMA=-lXinerama ++else ++ LIB_XINERAMA= ++fi + ++AM_CONDITIONAL(XINERAMA, test "$enable_xinerama" = "yes") ++AC_SUBST(LIB_XINERAMA) + + # AM_CONDITIONAL(Motif22Compatibility, test x$enable_motif22_compatibility = xyes) + +diff --git a/lib/Xm/Makefile.am b/lib/Xm/Makefile.am +index a95fa2db..07b733f5 100644 +--- a/lib/Xm/Makefile.am ++++ b/lib/Xm/Makefile.am +@@ -71,7 +71,7 @@ else + PRINTS_SRC = + endif + +-libXm_la_LIBADD = ${X_LIBS} ${X_XMU} -lXt -lXext ${LIB_XP} -lX11 ${X_EXTRA_LIBS} ++libXm_la_LIBADD = ${X_LIBS} ${X_XMU} -lXt -lXext ${LIB_XP} ${LIB_XINERAMA} -lX11 ${X_EXTRA_LIBS} + + noinst_HEADERS = BaseClassI.h \ + BitmapsI.h \ +-- +2.47.1 + diff --git a/SOURCES/0002-Xm-Display-Add-optional-Xinerama-support.patch b/SOURCES/0002-Xm-Display-Add-optional-Xinerama-support.patch new file mode 100644 index 0000000..bde8695 --- /dev/null +++ b/SOURCES/0002-Xm-Display-Add-optional-Xinerama-support.patch @@ -0,0 +1,419 @@ +From 011e62e69fb87e78a128487a043cc13b042bb8b5 Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan +Date: Wed, 20 Nov 2024 10:26:28 +0100 +Subject: [PATCH 2/7] Xm/Display: Add optional Xinerama support + +Xinerama support is disabled by default, unless the Xresource +"enableXinerama" is set in the X resources database, e.g.: + + *enableXinerama: True + +This also provides an additional private Screen API to get the monitor +boundaries given a point on screen. This is meant to be used in the +following commits to implement Xinerama awareness in the relevant +widgets. + +Signed-off-by: Olivier Fourdan +--- + doc/man/man3/XmDisplay.3 | 2 + + lib/Xm/Display.c | 95 +++++++++++++++++++++++++++++ + lib/Xm/DisplayP.h | 18 ++++++ + lib/Xm/Screen.c | 128 +++++++++++++++++++++++++++++++++++++++ + lib/Xm/ScreenP.h | 8 +++ + lib/Xm/xmstring.list.in | 2 + + 6 files changed, 253 insertions(+) + +diff --git a/doc/man/man3/XmDisplay.3 b/doc/man/man3/XmDisplay.3 +index a57ea089..ec360c80 100644 +--- a/doc/man/man3/XmDisplay.3 ++++ b/doc/man/man3/XmDisplay.3 +@@ -158,6 +158,8 @@ XmNnoRenditionCallbackXmCCallbackXtCallbackListNULLC + _____ + XmNuserDataXmCUserDataXtPointerNULLCSG + _____ ++XmNenableXineramaXmCEnableXineramaBooleanFalseC ++_____ + .TE + .IP "\fBXmNdefaultButtonEmphasis\fP" 10 + Specifies whether to change the look of the PushButton widget and +diff --git a/lib/Xm/Display.c b/lib/Xm/Display.c +index 55fe4cd3..3ab047f2 100644 +--- a/lib/Xm/Display.c ++++ b/lib/Xm/Display.c +@@ -35,6 +35,9 @@ static char rcsid[] = "$TOG: Display.c /main/23 1997/06/18 17:36:59 samborn $" + + #include + #include ++#ifdef HAVE_LIBXINERAMA ++#include ++#endif + + #include + #include +@@ -273,6 +276,13 @@ static XtResource resources[] = { + XtOffsetOf(WMShellRec, wm.wm_hints.icon_pixmap), + XmRImmediate, NULL + }, ++ /* Xinerama support */ ++ { ++ XmNenableXinerama, XmCEnableXinerama, ++ XmRBoolean, sizeof(Boolean), ++ Offset(display.enable_xinerama), ++ XmRImmediate, (XtPointer) False ++ }, + }; + + #undef Offset +@@ -388,6 +398,45 @@ DisplayClassInitialize( void ) + XmMakeCanonicalString("_MOTIF_DRAG_AND_DROP_MESSAGE"); + } + ++static void ++DisplayInitializeXinerama( XmDisplay xmDisplay ) ++{ ++#ifdef HAVE_LIBXINERAMA ++ Display *display = XtDisplay(xmDisplay); ++ int dummy1, dummy2; ++ Status have_xinerama; ++ ++ xmDisplay->display.monitors = NULL; ++ xmDisplay->display.n_monitors = 0; ++ ++ /* Xinerama support is disabled by default, unless XmNenableXinerama is set */ ++ if (!xmDisplay->display.enable_xinerama) { ++#ifdef DEBUG_XINERAMA ++ printf("XINERAMA support not enabled\n"); ++#endif /* DEBUG_XINERAMA */ ++ return; ++ } ++ ++ if (!XineramaQueryExtension(display, &dummy1, &dummy2)) { ++#ifdef DEBUG_XINERAMA ++ printf("XINERAMA extension not available\n"); ++#endif /* DEBUG_XINERAMA */ ++ xmDisplay->display.enable_xinerama = False; ++ return; ++ } ++ ++ if (!XineramaIsActive(display)) { ++#ifdef DEBUG_XINERAMA ++ printf("XINERAMA extension not activated\n"); ++#endif /* DEBUG_XINERAMA */ ++ xmDisplay->display.enable_xinerama = False; ++ return; ++ } ++ ++ _XmDisplayUpdateXinerama(xmDisplay); ++#endif /* HAVE_LIBXINERAMA */ ++} ++ + /*ARGSUSED*/ + static void + SetDragReceiverInfo( +@@ -553,6 +602,8 @@ DisplayInitialize( + XmDRAG_PREFER_PREREGISTER; + } + ++ DisplayInitializeXinerama(xmDisplay); ++ + _XmVirtKeysInitialize (new_widget); + + _XmProcessLock(); +@@ -672,6 +723,9 @@ DisplayDestroy( + + _XmVirtKeysDestroy (w); + ++#ifdef HAVE_LIBXINERAMA ++ XFree(dd->display.monitors); ++#endif /* HAVE_LIBXINERAMA */ + XDeleteContext( XtDisplay( w), None, context) ; + } + +@@ -1225,3 +1279,44 @@ _XmSetThicknessDefault0( + value->addr = (XPointer)&thickness; + + } ++ ++ ++Boolean ++_XmDisplayUseXinerama( ++ XmDisplay xmDisplay ) ++{ ++ return xmDisplay && xmDisplay->display.enable_xinerama; ++} ++ ++ ++void ++_XmDisplayUpdateXinerama( ++ XmDisplay xmDisplay ) ++{ ++#ifdef HAVE_LIBXINERAMA ++#ifdef DEBUG_XINERAMA ++ int i; ++#endif /* DEBUG_XINERAMA */ ++ ++ if (!_XmDisplayUseXinerama(xmDisplay)) ++ return; ++ ++#ifdef DEBUG_XINERAMA ++ printf("Updating XINERAMA configuration\n"); ++#endif /* DEBUG_XINERAMA */ ++ ++ if (xmDisplay->display.monitors) ++ XFree(xmDisplay->display.monitors); ++ ++ xmDisplay->display.monitors = ++ XineramaQueryScreens (XtDisplay(xmDisplay), &xmDisplay->display.n_monitors); ++ ++#ifdef DEBUG_XINERAMA ++ for (i = 0; i < xmDisplay->display.n_monitors; ++i) { ++ printf("XINERAMA Monitor %i: (%i,%i) [%ix%i]\n", i, ++ xmDisplay->display.monitors[i].x_org, xmDisplay->display.monitors[i].y_org, ++ xmDisplay->display.monitors[i].width, xmDisplay->display.monitors[i].height); ++ } ++#endif /* DEBUG_XINERAMA */ ++#endif /* HAVE_LIBXINERAMA */ ++} +diff --git a/lib/Xm/DisplayP.h b/lib/Xm/DisplayP.h +index 655c29b6..a2420f96 100644 +--- a/lib/Xm/DisplayP.h ++++ b/lib/Xm/DisplayP.h +@@ -23,6 +23,14 @@ + #ifndef _XmDisplayP_h + #define _XmDisplayP_h + ++#ifdef HAVE_CONFIG_H ++#include ++#endif ++ ++#ifdef HAVE_LIBXINERAMA ++#include ++#endif ++ + #include + #include + #include +@@ -115,6 +123,11 @@ typedef struct { + Boolean enable_unselectable_drag; + Boolean enable_thin_thickness; + Boolean enable_multi_key_bindings; ++ Boolean enable_xinerama; ++#ifdef HAVE_LIBXINERAMA ++ XineramaScreenInfo *monitors; ++ int n_monitors; ++#endif + } XmDisplayPart, *XmDisplayPartPtr; + + typedef struct _XmDisplayInfo { +@@ -143,6 +156,11 @@ externalref XmDisplayClassRec xmDisplayClassRec; + + externalref String _Xm_MOTIF_DRAG_AND_DROP_MESSAGE ; + ++extern Boolean _XmDisplayUseXinerama( ++ XmDisplay xmDisplay ) ; ++ ++extern void _XmDisplayUpdateXinerama( ++ XmDisplay xmDisplay ) ; + + #ifdef __cplusplus + } /* Close scope of 'extern "C"' declaration which encloses file. */ +diff --git a/lib/Xm/Screen.c b/lib/Xm/Screen.c +index 10ba8d2b..44abcfb3 100644 +--- a/lib/Xm/Screen.c ++++ b/lib/Xm/Screen.c +@@ -396,7 +396,67 @@ GetUnitFromFont( + } + + } ++#ifdef HAVE_LIBXINERAMA ++/* ARGSUSED */ ++static void ++StructureNotifyHandler( ++ Widget wid, ++ XtPointer data, ++ XEvent *event, ++ Boolean *cont ) ++{ ++ Display *display = XtDisplay(wid); ++ ++#ifdef DEBUG_XINERAMA ++ printf("Root event received\n"); ++#endif /* DEBUG_XINERAMA */ + ++ if (event->type == ConfigureNotify) ++ _XmDisplayUpdateXinerama((XmDisplay) XmGetXmDisplay(display)) ; ++} ++ ++/* ARGSUSED */ ++static void ++InstallStructureNotifyHandler( ++ XmScreen xmScreen) ++{ ++ Display *display = XtDisplay(xmScreen); ++ Window rootwindow; ++ XWindowAttributes rootattributes; ++ ++ if (!_XmDisplayUseXinerama((XmDisplay) XmGetXmDisplay(display))) ++ return; ++ ++ rootwindow = RootWindowOfScreen(XtScreen(xmScreen)); ++ XGetWindowAttributes(display, rootwindow, &rootattributes); ++ XSelectInput(display, ++ rootwindow, ++ StructureNotifyMask | rootattributes.your_event_mask); ++ XtRegisterDrawable(display, rootwindow, (Widget)xmScreen); ++ XtAddEventHandler((Widget)xmScreen, ++ (EventMask) StructureNotifyMask, True, ++ StructureNotifyHandler, (XtPointer) NULL); ++} ++ ++/* ARGSUSED */ ++static void ++UninstallStructureNotifyHandler( ++ XmScreen xmScreen) ++{ ++ Display *display = XtDisplay(xmScreen); ++ Window rootwindow; ++ XWindowAttributes rootattributes; ++ ++ if (!_XmDisplayUseXinerama((XmDisplay) XmGetXmDisplay(display))) ++ return; ++ ++ rootwindow = RootWindowOfScreen(XtScreen(xmScreen)); ++ XtUnregisterDrawable(display, rootwindow); ++ XtRemoveEventHandler((Widget)xmScreen, ++ (EventMask) StructureNotifyMask, True, ++ StructureNotifyHandler, (XtPointer) NULL); ++} ++#endif /* HAVE_LIBXINERAMA */ + + /************************************************************************ + * +@@ -413,6 +473,8 @@ Initialize( + { + XmScreen xmScreen = (XmScreen)new_widget; + Display *display = XtDisplay(new_widget); ++ Window rootwindow; ++ XWindowAttributes rootattributes; + + xmScreen->screen.screenInfo = NULL; + +@@ -474,6 +536,9 @@ Initialize( + } + #endif + ++#ifdef HAVE_LIBXINERAMA ++ InstallStructureNotifyHandler(xmScreen); ++#endif /* HAVE_LIBXINERAMA */ + } + + /************************************************************************ +@@ -672,6 +737,10 @@ Destroy( + + /* need to remove pixmap and GC related to this screen */ + _XmCleanPixmapCache (XtScreen(widget), NULL); ++ ++#ifdef HAVE_LIBXINERAMA ++ UninstallStructureNotifyHandler(xmScreen); ++#endif /* HAVE_LIBXINERAMA */ + } + + static void +@@ -1447,3 +1516,62 @@ XmGetXmScreen( + _XmAppUnlock(app); + return widget; + } ++ ++void ++_XmScreenGetBoundariesAtpoint( ++ Screen *screen, ++ Position pt_x, ++ Position pt_y, ++ Position *ret_x, ++ Position *ret_y, ++ Position *ret_max_x, ++ Position *ret_max_y ) ++{ ++ XmDisplay xmDisplay; ++ Position screen_x, screen_y; ++ Position screen_max_x, screen_max_y; ++#ifdef HAVE_LIBXINERAMA ++ Position tmp_x, tmp_y; ++ Position tmp_max_x, tmp_max_y; ++ int i; ++#endif /* HAVE_LIBXINERAMA */ ++ ++ xmDisplay = (XmDisplay) XmGetXmDisplay(DisplayOfScreen(screen)); ++ screen_x = 0; ++ screen_y = 0; ++ screen_max_x = WidthOfScreen(screen); ++ screen_max_y = HeightOfScreen(screen); ++ ++ if (!_XmDisplayUseXinerama(xmDisplay)) ++ goto out; ++ ++#ifdef HAVE_LIBXINERAMA ++ for (i = 0; i < xmDisplay->display.n_monitors; ++i) { ++ tmp_x = xmDisplay->display.monitors[i].x_org; ++ tmp_y = xmDisplay->display.monitors[i].y_org; ++ tmp_max_x = tmp_x + xmDisplay->display.monitors[i].width; ++ tmp_max_y = tmp_y + xmDisplay->display.monitors[i].height; ++ ++ if (pt_x >= tmp_x && pt_x < tmp_max_x && pt_y >= tmp_y && pt_y < tmp_max_y) { ++ screen_x = tmp_x; ++ screen_y = tmp_y; ++ screen_max_x = tmp_max_x; ++ screen_max_y = tmp_max_y; ++ break; /* We have a match */ ++ } ++ } ++#endif /* HAVE_LIBXINERAMA */ ++out: ++#ifdef DEBUG_XINERAMA ++ printf("Point (%i,%i) constrained within (%i,%i) and (%i,%i)\n", ++ pt_x, pt_y, screen_x, screen_y, screen_max_x, screen_max_y); ++#endif /* DEBUG_XINERAMA */ ++ if (ret_x) ++ *ret_x = screen_x; ++ if (ret_y) ++ *ret_y = screen_y; ++ if (ret_max_x) ++ *ret_max_x = screen_max_x; ++ if (ret_max_y) ++ *ret_max_y = screen_max_y; ++} +diff --git a/lib/Xm/ScreenP.h b/lib/Xm/ScreenP.h +index c870c19e..b4b95a6f 100644 +--- a/lib/Xm/ScreenP.h ++++ b/lib/Xm/ScreenP.h +@@ -134,6 +134,14 @@ typedef struct _XmScreenRec { + XmScreenPart screen; + } XmScreenRec; + ++extern void _XmScreenGetBoundariesAtpoint( ++ Screen *screen, ++ Position pt_x, ++ Position pt_y, ++ Position *ret_x, ++ Position *ret_y, ++ Position *ret_max_x, ++ Position *ret_max_y ) ; + + #ifdef __cplusplus + } /* Close scope of 'extern "C"' declaration which encloses file. */ +diff --git a/lib/Xm/xmstring.list.in b/lib/Xm/xmstring.list.in +index 8c0c4f9a..5887e7ad 100644 +--- a/lib/Xm/xmstring.list.in ++++ b/lib/Xm/xmstring.list.in +@@ -1692,6 +1692,8 @@ CFontEncoding + NxftFont + CXftFont + SUTF8_STRING ++NenableXinerama ++CEnableXinerama + + #file XmStrDefsI.h + #table _XmStringsI +-- +2.47.1 + diff --git a/SOURCES/0003-Xm-MenuShell-Use-Xinerama-to-place-menus.patch b/SOURCES/0003-Xm-MenuShell-Use-Xinerama-to-place-menus.patch new file mode 100644 index 0000000..df57514 --- /dev/null +++ b/SOURCES/0003-Xm-MenuShell-Use-Xinerama-to-place-menus.patch @@ -0,0 +1,119 @@ +From 10168aa7f16afb32e71d9e0a22fa8f90fb301bf4 Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan +Date: Thu, 21 Nov 2024 11:52:22 +0100 +Subject: [PATCH 3/7] Xm/MenuShell: Use Xinerama to place menus + +Signed-off-by: Olivier Fourdan +--- + lib/Xm/MenuShell.c | 34 +++++++++++++++++----------------- + 1 file changed, 17 insertions(+), 17 deletions(-) + +diff --git a/lib/Xm/MenuShell.c b/lib/Xm/MenuShell.c +index 483cc95a..1dea4a54 100644 +--- a/lib/Xm/MenuShell.c ++++ b/lib/Xm/MenuShell.c +@@ -41,6 +41,7 @@ static char rcsid[] = "$TOG: MenuShell.c /main/24 1999/07/08 16:49:59 vipin $" + #include + #include + #include ++#include + #include + #include + #include +@@ -913,7 +914,7 @@ ForceMenuPaneOnScreen( + register Position *y ) + { + Position rightEdgeOfMenu, bottomEdgeOfMenu; +- Dimension dispWidth, dispHeight; ++ Position dispX, dispY, dispMaxX, dispMaxY; + Widget pulldown_button = RC_CascadeBtn(rowcol); + Dimension RowColBorderWidth = rowcol->core.border_width << 1; + Dimension CascadeBorderWidth = 0; +@@ -925,8 +926,7 @@ ForceMenuPaneOnScreen( + + rightEdgeOfMenu = *x + RowColBorderWidth + rowcol->core.width; + bottomEdgeOfMenu = *y + RowColBorderWidth + rowcol->core.height; +- dispWidth = WidthOfScreen (XtScreen(rowcol)); +- dispHeight = HeightOfScreen (XtScreen(rowcol)); ++ _XmScreenGetBoundariesAtpoint(XtScreen(rowcol), *x, *y, &dispX, &dispY, &dispMaxX, &dispMaxY); + + /* + * For OPTION menus, if the submenu is [partially] offscreen, offset it +@@ -937,9 +937,9 @@ ForceMenuPaneOnScreen( + (RC_Type(XtParent(pulldown_button)) == XmMENU_OPTION)) + { + Position old_x = *x; +- if (bottomEdgeOfMenu >= (Position)dispHeight) ++ if (bottomEdgeOfMenu >= dispMaxY) + { +- *y = dispHeight - rowcol->core.height - RowColBorderWidth - 1; ++ *y = dispMaxY - rowcol->core.height - RowColBorderWidth - 1; + if (LayoutIsRtoLM(rowcol)) + *x = old_x - rowcol->core.width - (rowcol->core.border_width <<1); + else +@@ -948,9 +948,9 @@ ForceMenuPaneOnScreen( + bottomEdgeOfMenu = *y + RowColBorderWidth + rowcol->core.height; + } + +- if (*y < 0) ++ if (*y < dispY) + { +- *y = 0; ++ *y = dispY; + + /* Consider CascadeBtn as well as RowCol width to allow multi + * column RowColumn +@@ -963,13 +963,13 @@ ForceMenuPaneOnScreen( + bottomEdgeOfMenu = *y + RowColBorderWidth + rowcol->core.height; + } + +- if (rightEdgeOfMenu >= (Position)dispWidth) ++ if (rightEdgeOfMenu >= dispMaxX) + { + *x = old_x - rowcol->core.width + RowColBorderWidth; + rightEdgeOfMenu = *x + RowColBorderWidth + rowcol->core.width; + } + +- if (*x < 0) ++ if (*x < dispX) + { + if (LayoutIsRtoLM(rowcol)) + *x = old_x + pulldown_button->core.width + CascadeBorderWidth; +@@ -982,10 +982,10 @@ ForceMenuPaneOnScreen( + /* + * If the submenu is offscreen force it completely on. + */ +- if (rightEdgeOfMenu >= (Position)dispWidth) +- *x -= (rightEdgeOfMenu - dispWidth + 1); ++ if (rightEdgeOfMenu >= dispMaxX) ++ *x -= (rightEdgeOfMenu - dispMaxX + 1); + +- if (bottomEdgeOfMenu >= (Position)dispHeight) ++ if (bottomEdgeOfMenu >= dispMaxY) + { + if (pulldown_button && XtParent(pulldown_button) && + (RC_Type(XtParent(pulldown_button)) == XmMENU_BAR)) +@@ -1005,15 +1005,15 @@ ForceMenuPaneOnScreen( + *y = y_temp; + } + else +- *y -= (bottomEdgeOfMenu - dispHeight + 1); ++ *y -= (bottomEdgeOfMenu - dispMaxY + 1); + } + + /* Make sure that the top left corner os on screen! */ +- if (*x < 0) +- *x = 0; ++ if (*x < dispX) ++ *x = dispX; + +- if (*y < 0) +- *y = 0; ++ if (*y < dispY) ++ *y = dispY; + } + + /* +-- +2.47.1 + diff --git a/SOURCES/0004-Xm-DropDown-Use-Xinerama-for-placement.patch b/SOURCES/0004-Xm-DropDown-Use-Xinerama-for-placement.patch new file mode 100644 index 0000000..6d4fc22 --- /dev/null +++ b/SOURCES/0004-Xm-DropDown-Use-Xinerama-for-placement.patch @@ -0,0 +1,65 @@ +From e21e7ffaa62df64be305326d24eca09c80129403 Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan +Date: Thu, 21 Nov 2024 14:11:11 +0100 +Subject: [PATCH 4/7] Xm/DropDown: Use Xinerama for placement + +Signed-off-by: Olivier Fourdan +--- + lib/Xm/DropDown.c | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +diff --git a/lib/Xm/DropDown.c b/lib/Xm/DropDown.c +index a25d1092..665e0e26 100644 +--- a/lib/Xm/DropDown.c ++++ b/lib/Xm/DropDown.c +@@ -13,7 +13,7 @@ + #include "XmI.h" + #include + #include +- ++#include + #include + + #include +@@ -2169,8 +2169,9 @@ PopupList(Widget w) + XmDropDownWidget cbw = (XmDropDownWidget) w; + Widget shell = XmDropDown_popup_shell(cbw); + Position x, y, temp; ++ Position dispX, dispY, dispMaxX, dispMaxY; + Dimension width; +- int ret, scr_width, scr_height; ++ int ret; + Arg args[10]; + Cardinal num_args; + +@@ -2209,21 +2210,20 @@ PopupList(Widget w) + * + * Lets start by getting the width and height of the screen. + */ +- scr_width = WidthOfScreen(XtScreen(shell)); +- scr_height = HeightOfScreen(XtScreen(shell)); ++ _XmScreenGetBoundariesAtpoint(XtScreen(shell), x, y, &dispX, &dispY, &dispMaxX, &dispMaxY); + +- if( (int)(y + XtHeight(shell)) > scr_height ) ++ if( (int)(y + XtHeight(shell)) > dispMaxY ) + { + Position tmp; + XtTranslateCoords(w, 0, 0, &tmp, &y); + y -= ((int)XtHeight(shell)); + } +- if( y < 0 ) y = 0; +- if( (int)(x + width) > scr_width ) ++ if( y < dispY ) y = dispY; ++ if( (int)(x + width) > dispMaxX ) + { +- x = scr_width - ((int)width); ++ x = dispMaxX - ((int)width); + } +- if( x < 0 ) x = 0; ++ if( x < dispX ) x = dispX; + + XtSetArg(args[num_args], XmNx, x); num_args++; + XtSetArg(args[num_args], XmNy, y); num_args++; +-- +2.47.1 + diff --git a/SOURCES/0005-Xm-RCMenu-Use-Xinerama-for-placement.patch b/SOURCES/0005-Xm-RCMenu-Use-Xinerama-for-placement.patch new file mode 100644 index 0000000..04b4788 --- /dev/null +++ b/SOURCES/0005-Xm-RCMenu-Use-Xinerama-for-placement.patch @@ -0,0 +1,70 @@ +From d97abbe6cf64a8bb0e331725c36caf5e0ac37b0f Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan +Date: Thu, 21 Nov 2024 14:17:21 +0100 +Subject: [PATCH 5/7] Xm/RCMenu: Use Xinerama for placement + +Please note that when building with Xinerama enabled, the placement +logic changes, as the original location of the CascadeButton is not +taken into account when relocating the RCMenu widget. + +Reason for that is because I reckon the current code is not correct, as +it moves the RCMenu way off the screen, yet it doesn't show without +Xinerama because there is another check later to make sure the widget +remains on the overall screen, hence hiding the problem. + +With Xinerama, that breaks in-between monitors and the RCMenu ends up +completely misplaced, which is why I think the code was wrong, yet the +logic is preserved when building without XINERAMA support to preserve +the current behavior if needed. + +Signed-off-by: Olivier Fourdan +--- + lib/Xm/RCMenu.c | 18 ++++++++++++++---- + 1 file changed, 14 insertions(+), 4 deletions(-) + +diff --git a/lib/Xm/RCMenu.c b/lib/Xm/RCMenu.c +index 2c698d4f..abd7a70e 100644 +--- a/lib/Xm/RCMenu.c ++++ b/lib/Xm/RCMenu.c +@@ -537,6 +537,7 @@ LocatePulldown( + XEvent *event ) + { + Position x, y, x1, y1; ++ Position dispX, dispMaxX; + + if (root == NULL) + return; +@@ -617,17 +618,26 @@ LocatePulldown( + * window co-ords. + */ + XtTranslateCoords( (Widget) p, x, y, &x1, &y1); ++ _XmScreenGetBoundariesAtpoint(XtScreen(m), x1, y1, &dispX, NULL, &dispMaxX, NULL); + + /* Oh no! we're going off screen. Let's try and do + something reasonable. We're only doing the cascade + off a menu case for now. (CR 6421) */ +- if ((x1 + XtWidth(m)) > WidthOfScreen(XtScreen(m))) { ++ if ((x1 + XtWidth(m)) > dispMaxX) { + if (!IsOption(root) && (XmIsCascadeButton(p) || XmIsCascadeButtonGadget(p))) { +- x1 -= XtWidth(m) + x - XtX(p); ++ x1 -= XtWidth(m) + x; ++#ifndef HAVE_LIBXINERAMA ++ /* XXX: I don't think it's correct, but that's what the original code was doing… */ ++ x1 -= XtX(p); ++#endif /* not HAVE_LIBXINERAMA */ + } +- } else if (x1 < 0) { /* R to L case */ ++ } else if (x1 < dispX) { /* R to L case */ + if (!IsOption(root) && (XmIsCascadeButton(p) || XmIsCascadeButtonGadget(p))) { +- x1 += XtWidth(m) + x - XtX(p); ++ x1 += XtWidth(m) + x; ++#ifndef HAVE_LIBXINERAMA ++ /* XXX: I don't think it's correct, but that's what the original code was doing… */ ++ x1 -= XtX(p); ++#endif /* not HAVE_LIBXINERAMA */ + } + } + +-- +2.47.1 + diff --git a/SOURCES/0006-Xm-Tooltip-Use-Xinerama-for-placement.patch b/SOURCES/0006-Xm-Tooltip-Use-Xinerama-for-placement.patch new file mode 100644 index 0000000..286ee5d --- /dev/null +++ b/SOURCES/0006-Xm-Tooltip-Use-Xinerama-for-placement.patch @@ -0,0 +1,53 @@ +From af453aebd8e53a32369c792cf8d0e641b2b3a834 Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan +Date: Thu, 21 Nov 2024 14:24:30 +0100 +Subject: [PATCH 6/7] Xm/Tooltip: Use Xinerama for placement + +Signed-off-by: Olivier Fourdan +--- + lib/Xm/ToolTip.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +diff --git a/lib/Xm/ToolTip.c b/lib/Xm/ToolTip.c +index dc65071d..fdd32221 100644 +--- a/lib/Xm/ToolTip.c ++++ b/lib/Xm/ToolTip.c +@@ -29,6 +29,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -153,6 +154,8 @@ ToolTipPost (XtPointer client_data, + XtWidgetGeometry geo; + Position destX, + destY; ++ Position dispMaxX, ++ dispMaxY; + + XmToolTipConfigTrait ttp; /* ToolTip pointer */ + +@@ -197,12 +200,14 @@ ToolTipPost (XtPointer client_data, + Don't let the tip be off the right/bottom of the screen + */ + destX = rx + (XmIsGadget (w) ? XtX (w) : 0) - x + XtWidth (w) / 2; +- if (destX + geo.width > WidthOfScreen (XtScreen (w))) ++ destY = ry + (XmIsGadget (w) ? XtY (w) : 0) - y + XtHeight (w); ++ _XmScreenGetBoundariesAtpoint(XtScreen(w), destX, destY, NULL, NULL, &dispMaxX, &dispMaxY); ++ ++ if (destX + geo.width > dispMaxX) + { +- destX = WidthOfScreen (XtScreen (w)) - geo.width; ++ destX = dispMaxX - geo.width; + } +- destY = ry + (XmIsGadget (w) ? XtY (w) : 0) - y + XtHeight (w); +- if (destY + geo.height > HeightOfScreen (XtScreen (w))) ++ if (destY + geo.height > dispMaxY) + { + destY = ry + (XmIsGadget (w) ? XtY (w) : 0) - y - geo.height; + } +-- +2.47.1 + diff --git a/SOURCES/0007-Xm-ComboBox-Use-Xinerama-for-placement.patch b/SOURCES/0007-Xm-ComboBox-Use-Xinerama-for-placement.patch new file mode 100644 index 0000000..d6c02da --- /dev/null +++ b/SOURCES/0007-Xm-ComboBox-Use-Xinerama-for-placement.patch @@ -0,0 +1,51 @@ +From 8a026c2d1e94ab2a33a1bec55d703b229ce9daf7 Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan +Date: Thu, 21 Nov 2024 14:30:23 +0100 +Subject: [PATCH 7/7] Xm/ComboBox: Use Xinerama for placement + +Signed-off-by: Olivier Fourdan +--- + lib/Xm/ComboBox.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/lib/Xm/ComboBox.c b/lib/Xm/ComboBox.c +index 1472e458..0f49de50 100644 +--- a/lib/Xm/ComboBox.c ++++ b/lib/Xm/ComboBox.c +@@ -43,6 +43,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -1791,6 +1792,7 @@ CBDropDownList(Widget widget, + Cardinal n; + int tmp; + Position root_x, root_y, shell_x, shell_y; ++ Position dispX, dispY, dispMaxX, dispMaxY; + Dimension shell_width; + + XtTranslateCoords((Widget)cb, XtX(cb), XtY(cb), &root_x, &root_y); +@@ -1801,12 +1803,13 @@ CBDropDownList(Widget widget, + XtY(cb); + + /* Try to position the shell on the screen. */ +- tmp = WidthOfScreen(XtScreen(cb)) - XtWidth(CB_ListShell(cb)); ++ _XmScreenGetBoundariesAtpoint(XtScreen(cb), shell_x, shell_y, &dispX, &dispY, &dispMaxX, &dispMaxY); ++ tmp = dispMaxX - XtWidth(CB_ListShell(cb)); + tmp = MIN(tmp, shell_x); +- shell_x = MAX(0, tmp); +- tmp = HeightOfScreen(XtScreen(cb)) - XtHeight(CB_ListShell(cb)); ++ shell_x = MAX(dispX, tmp); ++ tmp = dispMaxY - XtHeight(CB_ListShell(cb)); + tmp = MIN(tmp, shell_y); +- shell_y = MAX(0, tmp); ++ shell_y = MAX(dispY, tmp); + + /* CR 8446: The shell width may have changed unexpectedly. */ + shell_width = XtWidth(cb) - 2 * CB_HighlightThickness(cb); +-- +2.47.1 + diff --git a/SPECS/motif.spec b/SPECS/motif.spec index c374144..0757e9c 100644 --- a/SPECS/motif.spec +++ b/SPECS/motif.spec @@ -1,7 +1,7 @@ Summary: Run-time libraries and programs Name: motif Version: 2.3.4 -Release: 19%{?dist} +Release: 21%{?dist} License: LGPLv2+ Group: System Environment/Libraries Source: http://downloads.sf.net/motif/motif-%{version}-src.tgz @@ -22,6 +22,7 @@ BuildRequires: libjpeg-devel libpng-devel BuildRequires: libXft-devel libXmu-devel libXp-devel libXt-devel libXext-devel BuildRequires: xorg-x11-xbitmaps BuildRequires: perl-interpreter +BuildRequires: pkgconfig(xinerama) Patch22: motif-2.3.4-no_demos.patch Patch23: openMotif-2.2.3-uil_lib.patch @@ -40,6 +41,20 @@ Patch53: motifzone_1660.patch Patch54: motifzone_1612.patch Patch55: 0001-EditresCom-Fix-build-with-modern-systems.patch +# CVE-2023-43788 +Patch56: 0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch +# CVE-2023-43789 +Patch57: 0001-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch + +# https://issues.redhat.com/browse/RHEL-67987 +Patch58: 0001-build-Check-for-Xinerama-availability.patch +Patch59: 0002-Xm-Display-Add-optional-Xinerama-support.patch +Patch60: 0003-Xm-MenuShell-Use-Xinerama-to-place-menus.patch +Patch61: 0004-Xm-DropDown-Use-Xinerama-for-placement.patch +Patch62: 0005-Xm-RCMenu-Use-Xinerama-for-placement.patch +Patch63: 0006-Xm-Tooltip-Use-Xinerama-for-placement.patch +Patch64: 0007-Xm-ComboBox-Use-Xinerama-for-placement.patch + Conflicts: lesstif <= 0.92.32-6 @@ -89,6 +104,15 @@ This package contains the static Motif libraries. %patch53 -p1 -b .motifzone_1660 %patch54 -p1 -b .motifzone_1612 %patch55 -p1 -b .long_bit +%patch56 -p1 -b .cve-2023-43788 +%patch57 -p1 -b .cve-2023-43789 +%patch58 -p1 -b .xinerama +%patch59 -p1 -b .xinerama +%patch60 -p1 -b .xinerama +%patch61 -p1 -b .xinerama +%patch62 -p1 -b .xinerama +%patch63 -p1 -b .xinerama +%patch64 -p1 -b .xinerama %build CFLAGS="$RPM_OPT_FLAGS -D_FILE_OFFSET_BITS=64" \ @@ -146,6 +170,13 @@ rm -rf %{buildroot} %{_libdir}/lib*.a %changelog +* Mon Nov 25 2024 Olivier Fourdan - 2.3.4-21 +- Add Xinerama support (RHEL-67987) + +* Mon Nov 27 2023 José Expósito - 2.3.4-20 +- Fix CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer() +- Fix CVE-2023-43789: out of bounds read on XPM with corrupted colormap + * Wed Jul 26 2023 MSVSphere Packaging Team - 2.3.4-19 - Rebuilt for MSVSphere 8.8