Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[xsrc/netbsd-10]: xsrc/external/mit/libXpm/dist Sync with HEAD, requested by ...
details: https://anonhg.NetBSD.org/xsrc/rev/6e5dfdd64d99
branches: netbsd-10
changeset: 7404:6e5dfdd64d99
user: martin <martin%NetBSD.org@localhost>
date: Mon Jan 23 13:49:20 2023 +0000
description:
Sync with HEAD, requested by mrg in ticket #59:
external/mit/libXpm/dist/man/XpmAttributesSize.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmCreateBuffer.man up to 1.1.1.2
external/mit/libXpm/dist/man/XpmCreateBufferFromImage.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmCreateBufferFromPixmap.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmCreateBufferFromXpmImage.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmCreateData.man up to 1.1.1.2
external/mit/libXpm/dist/man/XpmCreateDataFromImage.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmCreateDataFromPixmap.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmCreateDataFromXpmImage.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmCreateImage.man up to 1.1.1.2
external/mit/libXpm/dist/man/XpmFree.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmCreateImageFromBuffer.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmCreateImageFromData.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmCreateImageFromXpmImage.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmCreatePixmap.man up to 1.1.1.2
external/mit/libXpm/dist/man/XpmCreatePixmapFromBuffer.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmCreatePixmapFromData.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmCreatePixmapFromXpmImage.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmCreateXpmImage.man up to 1.1.1.2
external/mit/libXpm/dist/man/XpmCreateXpmImageFromBuffer.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmCreateXpmImageFromData.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmCreateXpmImageFromImage.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmCreateXpmImageFromPixmap.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmFreeAttributes.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmFreeXpmImage.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmFreeExtensions.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmFreeXpmInfo.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmGetErrorString.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmLibraryVersion.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmMisc.man up to 1.1.1.2
external/mit/libXpm/dist/man/XpmRead.man up to 1.1.1.2
external/mit/libXpm/dist/man/XpmReadFileToBuffer.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmReadFileToData.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmReadFileToImage.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmReadFileToPixmap.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmReadFileToXpmImage.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmWrite.man up to 1.1.1.2
external/mit/libXpm/dist/man/XpmWriteFileFromBuffer.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmWriteFileFromImage.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmWriteFileFromPixmap.man up to 1.1.1.1
external/mit/libXpm/dist/man/XpmWriteFileFromXpmImage.man up to 1.1.1.1
external/mit/libXpm/dist/test/pixmaps/good/BlueCurves.xpm up to 1.1.1.1
external/mit/libXpm/dist/test/pixmaps/good/Dimple.xpm up to 1.1.1.1
external/mit/libXpm/dist/test/pixmaps/good/Dolphins.xpm up to 1.1.1.1
external/mit/libXpm/dist/test/pixmaps/good/Miniweave.xpm up to 1.1.1.1
external/mit/libXpm/dist/test/pixmaps/good/Squares.xpm up to 1.1.1.1
external/mit/libXpm/dist/test/pixmaps/good/Swirl.xpm up to 1.1.1.1
external/mit/libXpm/dist/test/pixmaps/good/Utah-teapot.xpm up to 1.1.1.1
external/mit/libXpm/dist/test/pixmaps/good/chromesphere.xpm up to 1.1.1.1
external/mit/libXpm/dist/test/pixmaps/good/plaid-lisp.xpm up to 1.1.1.1
external/mit/libXpm/dist/test/pixmaps/good/plaid-v1.xpm up to 1.1.1.1
external/mit/libXpm/dist/test/pixmaps/good/plaid-v2.xpm up to 1.1.1.1
external/mit/libXpm/dist/test/pixmaps/good/plaid-v3.xpm up to 1.1.1.1
external/mit/libXpm/dist/test/pixmaps/good/xorg-bw.xpm up to 1.1.1.1
external/mit/libXpm/dist/test/pixmaps/good/xorg.xpm up to 1.1.1.1
external/mit/libXpm/dist/test/pixmaps/invalid/CVE-2016-10164-poc.xpm.gz.gz.gz up to 1.1.1.1
external/mit/libXpm/dist/test/pixmaps/invalid/doom.xpm up to 1.1.1.1
external/mit/libXpm/dist/test/pixmaps/invalid/doom2.xpm up to 1.1.1.1
external/mit/libXpm/dist/test/pixmaps/invalid/invalid-type.xpm up to 1.1.1.1
external/mit/libXpm/dist/test/pixmaps/invalid/no-contents.xpm up to 1.1.1.1
external/mit/libXpm/dist/test/pixmaps/invalid/unending-comment-c.xpm up to 1.1.1.1
external/mit/libXpm/dist/test/pixmaps/invalid/zero-width-v1.xpm up to 1.1.1.1
external/mit/libXpm/dist/test/pixmaps/invalid/zero-width.xpm up to 1.1.1.1
external/mit/libXpm/dist/test/pixmaps/no-mem/oversize.xpm up to 1.1.1.1
external/mit/libXpm/dist/test/CompareXpmImage.h up to 1.1.1.1
external/mit/libXpm/dist/test/Makefile.am up to 1.1.1.1
external/mit/libXpm/dist/test/Makefile.in up to 1.1.1.1
external/mit/libXpm/dist/test/TestAllFiles.h up to 1.1.1.1
external/mit/libXpm/dist/test/XpmCreate.c up to 1.1.1.1
external/mit/libXpm/dist/test/XpmMisc.c up to 1.1.1.1
external/mit/libXpm/dist/test/XpmRead.c up to 1.1.1.1
external/mit/libXpm/dist/test/XpmWrite.c up to 1.1.1.1
external/mit/libXpm/dist/test/tap-test up to 1.1.1.1
external/mit/libXpm/dist/tap-driver.sh up to 1.1.1.1
external/mit/libXpm/dist/test-driver up to 1.1.1.1
external/mit/libXpm/dist/AUTHORS up to 1.1.1.2
external/mit/libXpm/dist/COPYING up to 1.1.1.4
external/mit/libXpm/dist/ChangeLog up to 1.1.1.9
external/mit/libXpm/dist/Makefile.am up to 1.1.1.6
external/mit/libXpm/dist/Makefile.in up to 1.1.1.9
external/mit/libXpm/dist/README.md up to 1.1.1.3
external/mit/libXpm/dist/aclocal.m4 up to 1.1.1.9
external/mit/libXpm/dist/compile up to 1.1.1.4
external/mit/libXpm/dist/config.guess up to 1.1.1.7
external/mit/libXpm/dist/config.h.in up to 1.1.1.6
external/mit/libXpm/dist/config.sub up to 1.1.1.8
external/mit/libXpm/dist/configure up to 1.1.1.9
external/mit/libXpm/dist/configure.ac up to 1.1.1.9
external/mit/libXpm/dist/depcomp up to 1.1.1.6
external/mit/libXpm/dist/install-sh up to 1.1.1.6
external/mit/libXpm/dist/ltmain.sh up to 1.1.1.9
external/mit/libXpm/dist/missing up to 1.1.1.7
external/mit/libXpm/dist/cxpm/Makefile.in up to 1.1.1.9
external/mit/libXpm/dist/cxpm/cxpm.c up to 1.1.1.5
external/mit/libXpm/dist/doc/Makefile.in up to 1.1.1.7
external/mit/libXpm/dist/doc/README.MSW up to 1.1.1.3
external/mit/libXpm/dist/doc/README.html up to 1.1.1.3
external/mit/libXpm/dist/include/Makefile.in up to 1.1.1.7
external/mit/libXpm/dist/m4/libtool.m4 up to 1.1.1.4
external/mit/libXpm/dist/man/Makefile.am up to 1.1.1.2
external/mit/libXpm/dist/man/Makefile.in up to 1.1.1.6
external/mit/libXpm/dist/src/Makefile.in up to 1.1.1.9
external/mit/libXpm/dist/src/RdFToI.c up to 1.1.1.5
external/mit/libXpm/dist/src/WrFFrI.c up to 1.1.1.7
external/mit/libXpm/dist/src/create.c up to 1.5
external/mit/libXpm/dist/src/data.c up to 1.1.1.5
external/mit/libXpm/dist/src/hashtab.c up to 1.1.1.4
external/mit/libXpm/dist/src/parse.c up to 1.1.1.8
external/mit/libXpm/dist/src/rgbtab.h up to 1.1.1.2
external/mit/libXpm/dist/src/scan.c up to 1.1.1.5
external/mit/libXpm/dist/sxpm/Makefile.in up to 1.1.1.9
Upstream fixes for CVE-2022-46285, CVE-2022-44617, and CVE-2022-4883.
diffstat:
external/mit/libXpm/dist/AUTHORS | 2 +-
external/mit/libXpm/dist/COPYING | 20 +
external/mit/libXpm/dist/ChangeLog | 319 +-
external/mit/libXpm/dist/Makefile.am | 2 +-
external/mit/libXpm/dist/Makefile.in | 40 +-
external/mit/libXpm/dist/README.md | 29 +-
external/mit/libXpm/dist/aclocal.m4 | 310 +-
external/mit/libXpm/dist/compile | 13 +-
external/mit/libXpm/dist/config.guess | 122 +-
external/mit/libXpm/dist/config.h.in | 15 +
external/mit/libXpm/dist/config.sub | 2663 +++++----
external/mit/libXpm/dist/configure | 851 ++-
external/mit/libXpm/dist/configure.ac | 67 +-
external/mit/libXpm/dist/cxpm/Makefile.in | 36 +-
external/mit/libXpm/dist/cxpm/cxpm.c | 4 +-
external/mit/libXpm/dist/depcomp | 10 +-
external/mit/libXpm/dist/doc/Makefile.in | 19 +-
external/mit/libXpm/dist/doc/README.MSW | 2 +-
external/mit/libXpm/dist/doc/README.html | 2 +-
external/mit/libXpm/dist/include/Makefile.in | 19 +-
external/mit/libXpm/dist/install-sh | 47 +-
external/mit/libXpm/dist/ltmain.sh | 8 +-
external/mit/libXpm/dist/m4/libtool.m4 | 5 +-
external/mit/libXpm/dist/man/Makefile.am | 77 +-
external/mit/libXpm/dist/man/Makefile.in | 142 +-
external/mit/libXpm/dist/man/XpmAttributesSize.man | 1 +
external/mit/libXpm/dist/man/XpmCreateBuffer.man | 128 +
external/mit/libXpm/dist/man/XpmCreateBufferFromImage.man | 1 +
external/mit/libXpm/dist/man/XpmCreateBufferFromPixmap.man | 1 +
external/mit/libXpm/dist/man/XpmCreateBufferFromXpmImage.man | 1 +
external/mit/libXpm/dist/man/XpmCreateData.man | 115 +
external/mit/libXpm/dist/man/XpmCreateDataFromImage.man | 1 +
external/mit/libXpm/dist/man/XpmCreateDataFromPixmap.man | 1 +
external/mit/libXpm/dist/man/XpmCreateDataFromXpmImage.man | 1 +
external/mit/libXpm/dist/man/XpmCreateImage.man | 114 +
external/mit/libXpm/dist/man/XpmCreateImageFromBuffer.man | 1 +
external/mit/libXpm/dist/man/XpmCreateImageFromData.man | 1 +
external/mit/libXpm/dist/man/XpmCreateImageFromXpmImage.man | 1 +
external/mit/libXpm/dist/man/XpmCreatePixmap.man | 124 +
external/mit/libXpm/dist/man/XpmCreatePixmapFromBuffer.man | 1 +
external/mit/libXpm/dist/man/XpmCreatePixmapFromData.man | 1 +
external/mit/libXpm/dist/man/XpmCreatePixmapFromXpmImage.man | 1 +
external/mit/libXpm/dist/man/XpmCreateXpmImage.man | 149 +
external/mit/libXpm/dist/man/XpmCreateXpmImageFromBuffer.man | 1 +
external/mit/libXpm/dist/man/XpmCreateXpmImageFromData.man | 1 +
external/mit/libXpm/dist/man/XpmCreateXpmImageFromImage.man | 1 +
external/mit/libXpm/dist/man/XpmCreateXpmImageFromPixmap.man | 1 +
external/mit/libXpm/dist/man/XpmFree.man | 1 +
external/mit/libXpm/dist/man/XpmFreeAttributes.man | 1 +
external/mit/libXpm/dist/man/XpmFreeExtensions.man | 1 +
external/mit/libXpm/dist/man/XpmFreeXpmImage.man | 1 +
external/mit/libXpm/dist/man/XpmFreeXpmInfo.man | 1 +
external/mit/libXpm/dist/man/XpmGetErrorString.man | 1 +
external/mit/libXpm/dist/man/XpmLibraryVersion.man | 1 +
external/mit/libXpm/dist/man/XpmMisc.man | 152 +
external/mit/libXpm/dist/man/XpmRead.man | 275 +
external/mit/libXpm/dist/man/XpmReadFileToBuffer.man | 1 +
external/mit/libXpm/dist/man/XpmReadFileToData.man | 1 +
external/mit/libXpm/dist/man/XpmReadFileToImage.man | 1 +
external/mit/libXpm/dist/man/XpmReadFileToPixmap.man | 1 +
external/mit/libXpm/dist/man/XpmReadFileToXpmImage.man | 1 +
external/mit/libXpm/dist/man/XpmWrite.man | 196 +
external/mit/libXpm/dist/man/XpmWriteFileFromBuffer.man | 1 +
external/mit/libXpm/dist/man/XpmWriteFileFromImage.man | 1 +
external/mit/libXpm/dist/man/XpmWriteFileFromPixmap.man | 1 +
external/mit/libXpm/dist/man/XpmWriteFileFromXpmImage.man | 1 +
external/mit/libXpm/dist/missing | 16 +-
external/mit/libXpm/dist/src/Makefile.in | 161 +-
external/mit/libXpm/dist/src/RdFToI.c | 17 +-
external/mit/libXpm/dist/src/WrFFrI.c | 4 +-
external/mit/libXpm/dist/src/create.c | 8 +-
external/mit/libXpm/dist/src/data.c | 24 +-
external/mit/libXpm/dist/src/hashtab.c | 2 +-
external/mit/libXpm/dist/src/parse.c | 37 +-
external/mit/libXpm/dist/src/rgbtab.h | 2 +-
external/mit/libXpm/dist/src/scan.c | 6 +-
external/mit/libXpm/dist/sxpm/Makefile.in | 36 +-
external/mit/libXpm/dist/tap-driver.sh | 651 ++
external/mit/libXpm/dist/test-driver | 148 +
external/mit/libXpm/dist/test/CompareXpmImage.h | 61 +
external/mit/libXpm/dist/test/Makefile.am | 99 +
external/mit/libXpm/dist/test/Makefile.in | 1144 ++++
external/mit/libXpm/dist/test/TestAllFiles.h | 160 +
external/mit/libXpm/dist/test/XpmCreate.c | 129 +
external/mit/libXpm/dist/test/XpmMisc.c | 91 +
external/mit/libXpm/dist/test/XpmRead.c | 195 +
external/mit/libXpm/dist/test/XpmWrite.c | 321 +
external/mit/libXpm/dist/test/pixmaps/good/BlueCurves.xpm | 122 +
external/mit/libXpm/dist/test/pixmaps/good/Dimple.xpm | 79 +
external/mit/libXpm/dist/test/pixmaps/good/Dolphins.xpm | 94 +
external/mit/libXpm/dist/test/pixmaps/good/Miniweave.xpm | 63 +
external/mit/libXpm/dist/test/pixmaps/good/Squares.xpm | 62 +
external/mit/libXpm/dist/test/pixmaps/good/Swirl.xpm | 62 +
external/mit/libXpm/dist/test/pixmaps/good/Utah-teapot.xpm | 407 +
external/mit/libXpm/dist/test/pixmaps/good/chromesphere.xpm | 362 +
external/mit/libXpm/dist/test/pixmaps/good/plaid-lisp.xpm | 39 +
external/mit/libXpm/dist/test/pixmaps/good/plaid-v1.xpm | 37 +
external/mit/libXpm/dist/test/pixmaps/good/plaid-v2.xpm | 30 +
external/mit/libXpm/dist/test/pixmaps/good/plaid-v3.xpm | 39 +
external/mit/libXpm/dist/test/pixmaps/good/xorg-bw.xpm | 264 +
external/mit/libXpm/dist/test/pixmaps/good/xorg.xpm | 701 ++
external/mit/libXpm/dist/test/pixmaps/invalid/CVE-2016-10164-poc.xpm.gz.gz.gz | Bin
external/mit/libXpm/dist/test/pixmaps/invalid/doom.xpm | 8 +
external/mit/libXpm/dist/test/pixmaps/invalid/doom2.xpm | 11 +
external/mit/libXpm/dist/test/pixmaps/invalid/invalid-type.xpm | 34 +
external/mit/libXpm/dist/test/pixmaps/invalid/no-contents.xpm | 2 +
external/mit/libXpm/dist/test/pixmaps/invalid/unending-comment-c.xpm | 30 +
external/mit/libXpm/dist/test/pixmaps/invalid/zero-width-v1.xpm | 37 +
external/mit/libXpm/dist/test/pixmaps/invalid/zero-width.xpm | 35 +
external/mit/libXpm/dist/test/pixmaps/no-mem/oversize.xpm | 39 +
external/mit/libXpm/dist/test/tap-test | 2 +
111 files changed, 9890 insertions(+), 2091 deletions(-)
diffs (truncated from 14471 to 300 lines):
diff -r ba6548198540 -r 6e5dfdd64d99 external/mit/libXpm/dist/AUTHORS
--- a/external/mit/libXpm/dist/AUTHORS Tue Dec 20 09:44:11 2022 +0000
+++ b/external/mit/libXpm/dist/AUTHORS Mon Jan 23 13:49:20 2023 +0000
@@ -1,3 +1,3 @@
-Xpm was originally written by Groupe Bull, but maintainence has since passed
+Xpm was originally written by Groupe Bull, but maintenance has since passed
through the hands of XFree86, and to freedesktop.org; Daniel Stone is the
current maintainer.
diff -r ba6548198540 -r 6e5dfdd64d99 external/mit/libXpm/dist/COPYING
--- a/external/mit/libXpm/dist/COPYING Tue Dec 20 09:44:11 2022 +0000
+++ b/external/mit/libXpm/dist/COPYING Mon Jan 23 13:49:20 2023 +0000
@@ -68,3 +68,23 @@
in this Software without prior written authorization from Lorens Younes.
+Copyright (c) 2023, Oracle and/or its affiliates.
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the "Software"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice (including the next
+paragraph) shall be included in all copies or substantial portions of the
+Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
diff -r ba6548198540 -r 6e5dfdd64d99 external/mit/libXpm/dist/ChangeLog
--- a/external/mit/libXpm/dist/ChangeLog Tue Dec 20 09:44:11 2022 +0000
+++ b/external/mit/libXpm/dist/ChangeLog Mon Jan 23 13:49:20 2023 +0000
@@ -1,3 +1,311 @@
+commit ddd8339e262cbb7b25993599299ad40e0c95ccf6
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Tue Jan 17 08:19:26 2023 -0800
+
+ libXpm 3.5.15
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit 8178eb0834d82242e1edbc7d4fb0d1b397569c68
+Author: Peter Hutterer <peter.hutterer%who-t.net@localhost>
+Date: Mon Jan 16 19:44:52 2023 +1000
+
+ Use gzip -d instead of gunzip
+
+ GNU gunzip [1] is a shell script that exec's `gzip -d`. Even if we call
+ /usr/bin/gunzip with the correct built-in path, the actual gzip call
+ will use whichever gzip it finds first, making our patch pointless.
+
+ Fix this by explicitly calling gzip -d instead.
+
+ https://git.savannah.gnu.org/cgit/gzip.git/tree/gunzip.in
+
+ [Part of the fix for CVE-2022-4883]
+ Signed-off-by: Peter Hutterer <peter.hutterer%who-t.net@localhost>
+
+commit c5ab17bcc34914c0b0707d2135dbebe9a367c5f0
+Author: Matthieu Herrb <matthieu%herrb.eu@localhost>
+Date: Thu Jan 12 15:05:39 2023 +1000
+
+ Prevent a double free in the error code path
+
+ xpmParseDataAndCreate() calls XDestroyImage() in the error path.
+ Reproducible with sxpm "zero-width.xpm", that file is in the test/
+ directory.
+
+ The same approach is needed in the bytes_per_line == 0 condition though
+ here it just plugs a memory leak.
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit 515294bb8023a45ff916696d0a14308ff4f3a376
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Fri Jan 6 12:50:48 2023 -0800
+
+ Fix CVE-2022-4883: compression commands depend on $PATH
+
+ By default, on all platforms except MinGW, libXpm will detect if a
+ filename ends in .Z or .gz, and will when reading such a file fork off
+ an uncompress or gunzip command to read from via a pipe, and when
+ writing such a file will fork off a compress or gzip command to write
+ to via a pipe.
+
+ In libXpm 3.5.14 or older these are run via execlp(), relying on $PATH
+ to find the commands. If libXpm is called from a program running with
+ raised privileges, such as via setuid, then a malicious user could set
+ $PATH to include programs of their choosing to be run with those
+ privileges.
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit f80fa6ae47ad4a5beacb287c0030c9913b046643
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Sat Jan 7 12:44:28 2023 -0800
+
+ Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height
+
+ When reading XPM images from a file with libXpm 3.5.14 or older, if a
+ image has a width of 0 and a very large height, the ParsePixels() function
+ will loop over the entire height calling getc() and ungetc() repeatedly,
+ or in some circumstances, may loop seemingly forever, which may cause a
+ denial of service to the calling program when given a small crafted XPM
+ file to parse.
+
+ Closes: #2
+
+ Reported-by: Martin Ettl <ettl.martin78%googlemail.com@localhost>
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit f7fbbb92f6d383b21dd1587c3703a5de37c625b5
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Tue Jan 3 17:23:58 2023 -0800
+
+ test: add test cases for CVE-2022-44617 (zero-width w/enormous height)
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit a3a7c6dcc3b629d765014816c566c63165c63ca8
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Sat Dec 17 12:23:45 2022 -0800
+
+ Fix CVE-2022-46285: Infinite loop on unclosed comments
+
+ When reading XPM images from a file with libXpm 3.5.14 or older, if a
+ comment in the file is not closed (i.e. a C-style comment starts with
+ "/*" and is missing the closing "*/"), the ParseComment() function will
+ loop forever calling getc() to try to read the rest of the comment,
+ failing to notice that it has returned EOF, which may cause a denial of
+ service to the calling program.
+
+ Reported-by: Marco Ivaldi <raptor%0xdeadbeef.info@localhost>
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit f7a167a48a950b89b91f5123a0ec8d9a7cb97495
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Sat Dec 17 12:18:24 2022 -0800
+
+ test: add test case for CVE-2022-46285 (unclosed comments)
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit 0ff2c6af823ce7712c06150c43c9b403846a035f
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Sat Jan 7 15:43:20 2023 -0800
+
+ cxpm: getc/ungetc wrappers should not adjust position when c == EOF
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit 501494c6c68a84114fdd0b44d4b67ef9cde776c9
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Sat Jan 7 13:39:56 2023 -0800
+
+ test: Add unit tests using glib framework
+
+ Includes rudimentary tests for XpmReadFileToXpmImage, XpmReadFileToData,
+ XpmReadFileToBuffer, XpmCreateXpmImageFromData, XpmCreateXpmImageFromBuffer,
+ XpmWriteFileFromXpmImage, XpmWriteFileFromData, XpmWriteFileFromBuffer,
+ XpmAttributesSize, XpmGetErrorString, XpmLibraryVersion
+
+ Includes test cases for CVE-2004-0687
+
+ Tests .Z and .gz files if --enable-open-zfile is active
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit 4841039e5385f264d12757903894f47c64f59361
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Thu Jan 5 15:42:36 2023 -0800
+
+ configure: add --disable-open-zfile instead of requiring -DNO_ZPIPE
+
+ Documents the two compression options in the README, makes their
+ configure options reflect the interdependency of their implementation,
+ and makes the configure script report their configuration.
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit aef0c8dd129838ac35b3cf8a7cdf04c7fd67dff1
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Sun Jan 1 14:19:17 2023 -0800
+
+ man pages: Apply standard man page style/formatting
+
+ Function & macro names in bold, argument names in italics.
+
+ In the man page body, bold function names followed by plain ()
+ for functions defined in this page, plain (3) for functions defined
+ in other man pages.
+
+ New paragraphs start with .PP, not just a blank line.
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit 5d55a0be3f8a8d3e53c65c286878fc3224fce135
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Sun Jan 1 10:48:01 2023 -0800
+
+ man pages: Replace "See Also" entries with more useful ones
+
+ "See Also" entries in man pages should list other man pages to
+ look at, not the alternate names for the current man page.
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit 392cb8fb444ae632176829076f412cb4029dbdbc
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Sun Jan 1 10:21:38 2023 -0800
+
+ man pages: Fix typos and other minor editing
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit 08bc174f28af028b6ebaa9edeccd3ff56c396e92
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Sat Nov 19 12:23:53 2022 -0800
+
+ libXpm 3.5.14
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit f0857c0de206e90777a5321cce9602083b283080
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Sat Aug 27 10:06:23 2022 -0700
+
+ man pages: Correct Copyright/License notices
+
+ Since the text was copied from doc/xpm.PS.gz, the copyright and license
+ notices need to be copied from there as well.
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit deb81a9a210527b0a00f002b1796e5e21e492879
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Fri Aug 26 18:39:17 2022 -0700
+
+ man pages: Fix typos
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit 2d5fa4c2079494f502f9a576d749fa1e205f2144
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Fri Aug 26 18:29:05 2022 -0700
+
+ man pages: Add missing word 'function' where needed
+
+ A number of instances of 'The Xpm... function' were missing the word
+ "function", so read awkwardly.
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit 2b7357e83e38e2a860687ee4150ef60bd6c0a47f
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Fri Aug 26 18:16:42 2022 -0700
+
+ man pages: Make function synopses more consistent with other pages
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit fb8590c9c57d661ec4a29da243e05b9d87b999d3
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Fri Aug 26 18:06:51 2022 -0700
+
+ man pages: Fix shadow man pages
+
+ Shadow man pages have a .so line that needs to list the file to be
+ shown, not the name of the shadow page.
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit bfaebfdcc92433a8b78c004de4bb3c5a8a545e75
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Fri Aug 26 17:49:25 2022 -0700
+
+ man pages: Make file names consistent with their displayed names
+
+ Lets users view the pages using the name displayed on the pages
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit 7a138a5278890e122731eb94b8e5a7d6ef543243
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Sun Jul 17 16:29:35 2022 -0700
+
+ gitlab CI: add a basic build test
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit 3433f4334db7c30864c112639a929c5ae8bd3c3b
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Sun Jul 17 16:27:01 2022 -0700
+
Home |
Main Index |
Thread Index |
Old Index