
[xsrc/trunk]: xsrc/external/mit/libXpm/dist initial import of libXpm-3.5.15



details:   https://anonhg.NetBSD.org/xsrc/rev/5176055ebd8b
branches:  trunk
changeset: 7389:5176055ebd8b
user:      mrg <mrg%NetBSD.org@localhost>
date:      Thu Jan 19 05:12:22 2023 +0000

description:
initial import of libXpm-3.5.15

diffstat:

 external/mit/libXpm/dist/COPYING                                              |     20 +
 external/mit/libXpm/dist/ChangeLog                                            |    182 +
 external/mit/libXpm/dist/Makefile.am                                          |      2 +-
 external/mit/libXpm/dist/Makefile.in                                          |     61 +-
 external/mit/libXpm/dist/README.md                                            |     27 +
 external/mit/libXpm/dist/aclocal.m4                                           |   2313 +-
 external/mit/libXpm/dist/compile                                              |     17 +-
 external/mit/libXpm/dist/config.guess                                         |   1488 +-
 external/mit/libXpm/dist/config.h.in                                          |     25 +-
 external/mit/libXpm/dist/config.sub                                           |   2909 +-
 external/mit/libXpm/dist/configure                                            |  13022 ++++-----
 external/mit/libXpm/dist/configure.ac                                         |     63 +-
 external/mit/libXpm/dist/cxpm/Makefile.in                                     |     43 +-
 external/mit/libXpm/dist/cxpm/cxpm.c                                          |      4 +-
 external/mit/libXpm/dist/depcomp                                              |     10 +-
 external/mit/libXpm/dist/doc/Makefile.in                                      |     24 +-
 external/mit/libXpm/dist/include/Makefile.in                                  |     26 +-
 external/mit/libXpm/dist/install-sh                                           |    172 +-
 external/mit/libXpm/dist/ltmain.sh                                            |    879 +-
 external/mit/libXpm/dist/m4/libtool.m4                                        |    227 +-
 external/mit/libXpm/dist/m4/ltoptions.m4                                      |      4 +-
 external/mit/libXpm/dist/m4/ltsugar.m4                                        |      2 +-
 external/mit/libXpm/dist/m4/ltversion.m4                                      |     13 +-
 external/mit/libXpm/dist/m4/lt~obsolete.m4                                    |      4 +-
 external/mit/libXpm/dist/man/Makefile.in                                      |     24 +-
 external/mit/libXpm/dist/man/XpmCreateBuffer.man                              |     97 +-
 external/mit/libXpm/dist/man/XpmCreateData.man                                |     74 +-
 external/mit/libXpm/dist/man/XpmCreateImage.man                               |     81 +-
 external/mit/libXpm/dist/man/XpmCreatePixmap.man                              |     88 +-
 external/mit/libXpm/dist/man/XpmCreateXpmImage.man                            |    124 +-
 external/mit/libXpm/dist/man/XpmMisc.man                                      |    137 +-
 external/mit/libXpm/dist/man/XpmRead.man                                      |    273 +-
 external/mit/libXpm/dist/man/XpmWrite.man                                     |    171 +-
 external/mit/libXpm/dist/missing                                              |     16 +-
 external/mit/libXpm/dist/src/Makefile.in                                      |    168 +-
 external/mit/libXpm/dist/src/RdFToI.c                                         |     17 +-
 external/mit/libXpm/dist/src/WrFFrI.c                                         |      4 +-
 external/mit/libXpm/dist/src/data.c                                           |     24 +-
 external/mit/libXpm/dist/src/parse.c                                          |     31 +-
 external/mit/libXpm/dist/sxpm/Makefile.in                                     |     43 +-
 external/mit/libXpm/dist/tap-driver.sh                                        |    651 +
 external/mit/libXpm/dist/test-driver                                          |    148 +
 external/mit/libXpm/dist/test/CompareXpmImage.h                               |     61 +
 external/mit/libXpm/dist/test/Makefile.am                                     |     99 +
 external/mit/libXpm/dist/test/Makefile.in                                     |   1144 +
 external/mit/libXpm/dist/test/TestAllFiles.h                                  |    160 +
 external/mit/libXpm/dist/test/XpmCreate.c                                     |    129 +
 external/mit/libXpm/dist/test/XpmMisc.c                                       |     91 +
 external/mit/libXpm/dist/test/XpmRead.c                                       |    195 +
 external/mit/libXpm/dist/test/XpmWrite.c                                      |    321 +
 external/mit/libXpm/dist/test/pixmaps/good/BlueCurves.xpm                     |    122 +
 external/mit/libXpm/dist/test/pixmaps/good/Dimple.xpm                         |     79 +
 external/mit/libXpm/dist/test/pixmaps/good/Dolphins.xpm                       |     94 +
 external/mit/libXpm/dist/test/pixmaps/good/Miniweave.xpm                      |     63 +
 external/mit/libXpm/dist/test/pixmaps/good/Squares.xpm                        |     62 +
 external/mit/libXpm/dist/test/pixmaps/good/Swirl.xpm                          |     62 +
 external/mit/libXpm/dist/test/pixmaps/good/Utah-teapot.xpm                    |    407 +
 external/mit/libXpm/dist/test/pixmaps/good/chromesphere.xpm                   |    362 +
 external/mit/libXpm/dist/test/pixmaps/good/plaid-lisp.xpm                     |     39 +
 external/mit/libXpm/dist/test/pixmaps/good/plaid-v1.xpm                       |     37 +
 external/mit/libXpm/dist/test/pixmaps/good/plaid-v2.xpm                       |     30 +
 external/mit/libXpm/dist/test/pixmaps/good/plaid-v3.xpm                       |     39 +
 external/mit/libXpm/dist/test/pixmaps/good/xorg-bw.xpm                        |    264 +
 external/mit/libXpm/dist/test/pixmaps/good/xorg.xpm                           |    701 +
 external/mit/libXpm/dist/test/pixmaps/invalid/CVE-2016-10164-poc.xpm.gz.gz.gz |    Bin 
 external/mit/libXpm/dist/test/pixmaps/invalid/doom.xpm                        |      8 +
 external/mit/libXpm/dist/test/pixmaps/invalid/doom2.xpm                       |     11 +
 external/mit/libXpm/dist/test/pixmaps/invalid/invalid-type.xpm                |     34 +
 external/mit/libXpm/dist/test/pixmaps/invalid/no-contents.xpm                 |      2 +
 external/mit/libXpm/dist/test/pixmaps/invalid/unending-comment-c.xpm          |     30 +
 external/mit/libXpm/dist/test/pixmaps/invalid/zero-width-v1.xpm               |     37 +
 external/mit/libXpm/dist/test/pixmaps/invalid/zero-width.xpm                  |     35 +
 external/mit/libXpm/dist/test/pixmaps/no-mem/oversize.xpm                     |     39 +
 external/mit/libXpm/dist/test/tap-test                                        |      2 +
 74 files changed, 16768 insertions(+), 11699 deletions(-)

diffs (truncated from 37715 to 300 lines):

diff -r 184db65bd576 -r 5176055ebd8b external/mit/libXpm/dist/COPYING
--- a/external/mit/libXpm/dist/COPYING  Tue Jan 17 05:37:05 2023 +0000
+++ b/external/mit/libXpm/dist/COPYING  Thu Jan 19 05:12:22 2023 +0000
@@ -68,3 +68,23 @@
 in this Software without prior written authorization from Lorens Younes.
 
 
+Copyright (c) 2023, Oracle and/or its affiliates.
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the "Software"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice (including the next
+paragraph) shall be included in all copies or substantial portions of the
+Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
diff -r 184db65bd576 -r 5176055ebd8b external/mit/libXpm/dist/ChangeLog
--- a/external/mit/libXpm/dist/ChangeLog        Tue Jan 17 05:37:05 2023 +0000
+++ b/external/mit/libXpm/dist/ChangeLog        Thu Jan 19 05:12:22 2023 +0000
@@ -1,3 +1,185 @@
+commit ddd8339e262cbb7b25993599299ad40e0c95ccf6
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date:   Tue Jan 17 08:19:26 2023 -0800
+
+    libXpm 3.5.15
+    
+    Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit 8178eb0834d82242e1edbc7d4fb0d1b397569c68
+Author: Peter Hutterer <peter.hutterer%who-t.net@localhost>
+Date:   Mon Jan 16 19:44:52 2023 +1000
+
+    Use gzip -d instead of gunzip
+    
+    GNU gunzip [1] is a shell script that exec's `gzip -d`. Even if we call
+    /usr/bin/gunzip with the correct built-in path, the actual gzip call
+    will use whichever gzip it finds first, making our patch pointless.
+    
+    Fix this by explicitly calling gzip -d instead.
+    
+    https://git.savannah.gnu.org/cgit/gzip.git/tree/gunzip.in
+    
+    [Part of the fix for CVE-2022-4883]
+    Signed-off-by: Peter Hutterer <peter.hutterer%who-t.net@localhost>
+
+commit c5ab17bcc34914c0b0707d2135dbebe9a367c5f0
+Author: Matthieu Herrb <matthieu%herrb.eu@localhost>
+Date:   Thu Jan 12 15:05:39 2023 +1000
+
+    Prevent a double free in the error code path
+    
+    xpmParseDataAndCreate() calls XDestroyImage() in the error path.
+    Reproducible with sxpm "zero-width.xpm", that file is in the test/
+    directory.
+    
+    The same approach is needed in the bytes_per_line == 0 condition though
+    here it just plugs a memory leak.
+    
+    Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit 515294bb8023a45ff916696d0a14308ff4f3a376
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date:   Fri Jan 6 12:50:48 2023 -0800
+
+    Fix CVE-2022-4883: compression commands depend on $PATH
+    
+    By default, on all platforms except MinGW, libXpm will detect if a
+    filename ends in .Z or .gz, and will when reading such a file fork off
+    an uncompress or gunzip command to read from via a pipe, and when
+    writing such a file will fork off a compress or gzip command to write
+    to via a pipe.
+    
+    In libXpm 3.5.14 or older these are run via execlp(), relying on $PATH
+    to find the commands.  If libXpm is called from a program running with
+    raised privileges, such as via setuid, then a malicious user could set
+    $PATH to include programs of their choosing to be run with those
+    privileges.
+    
+    Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit f80fa6ae47ad4a5beacb287c0030c9913b046643
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date:   Sat Jan 7 12:44:28 2023 -0800
+
+    Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height
+    
+    When reading XPM images from a file with libXpm 3.5.14 or older, if a
+    image has a width of 0 and a very large height, the ParsePixels() function
+    will loop over the entire height calling getc() and ungetc() repeatedly,
+    or in some circumstances, may loop seemingly forever, which may cause a
+    denial of service to the calling program when given a small crafted XPM
+    file to parse.
+    
+    Closes: #2
+    
+    Reported-by: Martin Ettl <ettl.martin78%googlemail.com@localhost>
+    Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit f7fbbb92f6d383b21dd1587c3703a5de37c625b5
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date:   Tue Jan 3 17:23:58 2023 -0800
+
+    test: add test cases for CVE-2022-44617 (zero-width w/enormous height)
+    
+    Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit a3a7c6dcc3b629d765014816c566c63165c63ca8
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date:   Sat Dec 17 12:23:45 2022 -0800
+
+    Fix CVE-2022-46285: Infinite loop on unclosed comments
+    
+    When reading XPM images from a file with libXpm 3.5.14 or older, if a
+    comment in the file is not closed (i.e. a C-style comment starts with
+    "/*" and is missing the closing "*/"), the ParseComment() function will
+    loop forever calling getc() to try to read the rest of the comment,
+    failing to notice that it has returned EOF, which may cause a denial of
+    service to the calling program.
+    
+    Reported-by: Marco Ivaldi <raptor%0xdeadbeef.info@localhost>
+    Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit f7a167a48a950b89b91f5123a0ec8d9a7cb97495
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date:   Sat Dec 17 12:18:24 2022 -0800
+
+    test: add test case for CVE-2022-46285 (unclosed comments)
+    
+    Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit 0ff2c6af823ce7712c06150c43c9b403846a035f
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date:   Sat Jan 7 15:43:20 2023 -0800
+
+    cxpm: getc/ungetc wrappers should not adjust position when c == EOF
+    
+    Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit 501494c6c68a84114fdd0b44d4b67ef9cde776c9
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date:   Sat Jan 7 13:39:56 2023 -0800
+
+    test: Add unit tests using glib framework
+    
+    Includes rudimentary tests for XpmReadFileToXpmImage, XpmReadFileToData,
+    XpmReadFileToBuffer, XpmCreateXpmImageFromData, XpmCreateXpmImageFromBuffer,
+    XpmWriteFileFromXpmImage, XpmWriteFileFromData, XpmWriteFileFromBuffer,
+    XpmAttributesSize, XpmGetErrorString, XpmLibraryVersion
+    
+    Includes test cases for CVE-2004-0687
+    
+    Tests .Z and .gz files if --enable-open-zfile is active
+    
+    Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit 4841039e5385f264d12757903894f47c64f59361
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date:   Thu Jan 5 15:42:36 2023 -0800
+
+    configure: add --disable-open-zfile instead of requiring -DNO_ZPIPE
+    
+    Documents the two compression options in the README, makes their
+    configure options reflect the interdependency of their implementation,
+    and makes the configure script report their configuration.
+    
+    Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit aef0c8dd129838ac35b3cf8a7cdf04c7fd67dff1
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date:   Sun Jan 1 14:19:17 2023 -0800
+
+    man pages: Apply standard man page style/formatting
+    
+    Function & macro names in bold, argument names in italics.
+    
+    In the man page body, bold function names followed by plain ()
+    for functions defined in this page, plain (3) for functions defined
+    in other man pages.
+    
+    New paragraphs start with .PP, not just a blank line.
+    
+    Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit 5d55a0be3f8a8d3e53c65c286878fc3224fce135
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date:   Sun Jan 1 10:48:01 2023 -0800
+
+    man pages: Replace "See Also" entries with more useful ones
+    
+    "See Also" entries in man pages should list other man pages to
+    look at, not the alternate names for the current man page.
+    
+    Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit 392cb8fb444ae632176829076f412cb4029dbdbc
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date:   Sun Jan 1 10:21:38 2023 -0800
+
+    man pages: Fix typos and other minor editing
+    
+    Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
 commit 08bc174f28af028b6ebaa9edeccd3ff56c396e92
 Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
 Date:   Sat Nov 19 12:23:53 2022 -0800
diff -r 184db65bd576 -r 5176055ebd8b external/mit/libXpm/dist/Makefile.am
--- a/external/mit/libXpm/dist/Makefile.am      Tue Jan 17 05:37:05 2023 +0000
+++ b/external/mit/libXpm/dist/Makefile.am      Thu Jan 19 05:12:22 2023 +0000
@@ -1,7 +1,7 @@
 # Daniel Stone disowns all copyright on this file; no warranty is given as to its
 # suitability or otherwise.
 
-SUBDIRS = doc include man src sxpm cxpm
+SUBDIRS = doc include man src sxpm cxpm test
 
 ACLOCAL_AMFLAGS = -I m4
 
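Review bot: `test` is appended to `SUBDIRS` unconditionally, so a plain `make` now descends into the new test directory, whose unit tests use the glib framework according to the ChangeLog entry in this same changeset. Whether test/Makefile.am guards its programs behind a configure conditional is not visible in this hunk, so that is worth confirming before this tree is built on a host without glib. A short comment above the line would record the intent, for example `# test/ holds the glib-based unit tests and the CVE regression fixtures; it must remain a no-op when the test dependencies are absent`.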
diff -r 184db65bd576 -r 5176055ebd8b external/mit/libXpm/dist/Makefile.in
--- a/external/mit/libXpm/dist/Makefile.in      Tue Jan 17 05:37:05 2023 +0000
+++ b/external/mit/libXpm/dist/Makefile.in      Thu Jan 19 05:12:22 2023 +0000
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.5 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2021 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -170,9 +170,9 @@
   $(RECURSIVE_CLEAN_TARGETS) \
   $(am__extra_recursive_targets)
 AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
-       cscope distdir distdir-am dist dist-all distcheck
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) \
-       config.h.in
+       cscope distdir dist dist-all distcheck
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \
+       $(LISP)config.h.in
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
 # *not* preserved.
@@ -189,11 +189,14 @@
   unique=`for i in $$list; do \
     if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
   done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+CSCOPE = cscope
 DIST_SUBDIRS = $(SUBDIRS)
 am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in \
-       $(srcdir)/xpm.pc.in AUTHORS COPYING ChangeLog INSTALL \
-       README.md compile config.guess config.sub install-sh ltmain.sh \
-       missing
+       $(srcdir)/xpm.pc.in AUTHORS COPYING ChangeLog INSTALL compile \
+       config.guess config.sub install-sh ltmain.sh missing \
+       tap-driver.sh
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 distdir = $(PACKAGE)-$(VERSION)
 top_distdir = $(distdir)
@@ -232,8 +235,6 @@
 DIST_ARCHIVES = $(distdir).tar.gz $(distdir).tar.xz
 GZIP_ENV = --best
 DIST_TARGETS = dist-xz dist-gzip
-# Exists only to be overridden by the user if desired.
-AM_DISTCHECK_DVI_TARGET = dvi
 distuninstallcheck_listfiles = find . -type f -print
 am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
   | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
@@ -255,9 +256,8 @@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
 CHANGELOG_CMD = @CHANGELOG_CMD@
+CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
-CSCOPE = @CSCOPE@
-CTAGS = @CTAGS@
 CWARNFLAGS = @CWARNFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
@@ -271,12 +271,12 @@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
 EGREP = @EGREP@
-ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
-FILECMD = @FILECMD@


