Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[xsrc/trunk]: xsrc/external/mit/libXpm/dist initial import of libXpm-3.5.15
details: https://anonhg.NetBSD.org/xsrc/rev/5176055ebd8b
branches: trunk
changeset: 7389:5176055ebd8b
user: mrg <mrg%NetBSD.org@localhost>
date: Thu Jan 19 05:12:22 2023 +0000
description:
initial import of libXpm-3.5.15
diffstat:
external/mit/libXpm/dist/COPYING | 20 +
external/mit/libXpm/dist/ChangeLog | 182 +
external/mit/libXpm/dist/Makefile.am | 2 +-
external/mit/libXpm/dist/Makefile.in | 61 +-
external/mit/libXpm/dist/README.md | 27 +
external/mit/libXpm/dist/aclocal.m4 | 2313 +-
external/mit/libXpm/dist/compile | 17 +-
external/mit/libXpm/dist/config.guess | 1488 +-
external/mit/libXpm/dist/config.h.in | 25 +-
external/mit/libXpm/dist/config.sub | 2909 +-
external/mit/libXpm/dist/configure | 13022 ++++-----
external/mit/libXpm/dist/configure.ac | 63 +-
external/mit/libXpm/dist/cxpm/Makefile.in | 43 +-
external/mit/libXpm/dist/cxpm/cxpm.c | 4 +-
external/mit/libXpm/dist/depcomp | 10 +-
external/mit/libXpm/dist/doc/Makefile.in | 24 +-
external/mit/libXpm/dist/include/Makefile.in | 26 +-
external/mit/libXpm/dist/install-sh | 172 +-
external/mit/libXpm/dist/ltmain.sh | 879 +-
external/mit/libXpm/dist/m4/libtool.m4 | 227 +-
external/mit/libXpm/dist/m4/ltoptions.m4 | 4 +-
external/mit/libXpm/dist/m4/ltsugar.m4 | 2 +-
external/mit/libXpm/dist/m4/ltversion.m4 | 13 +-
external/mit/libXpm/dist/m4/lt~obsolete.m4 | 4 +-
external/mit/libXpm/dist/man/Makefile.in | 24 +-
external/mit/libXpm/dist/man/XpmCreateBuffer.man | 97 +-
external/mit/libXpm/dist/man/XpmCreateData.man | 74 +-
external/mit/libXpm/dist/man/XpmCreateImage.man | 81 +-
external/mit/libXpm/dist/man/XpmCreatePixmap.man | 88 +-
external/mit/libXpm/dist/man/XpmCreateXpmImage.man | 124 +-
external/mit/libXpm/dist/man/XpmMisc.man | 137 +-
external/mit/libXpm/dist/man/XpmRead.man | 273 +-
external/mit/libXpm/dist/man/XpmWrite.man | 171 +-
external/mit/libXpm/dist/missing | 16 +-
external/mit/libXpm/dist/src/Makefile.in | 168 +-
external/mit/libXpm/dist/src/RdFToI.c | 17 +-
external/mit/libXpm/dist/src/WrFFrI.c | 4 +-
external/mit/libXpm/dist/src/data.c | 24 +-
external/mit/libXpm/dist/src/parse.c | 31 +-
external/mit/libXpm/dist/sxpm/Makefile.in | 43 +-
external/mit/libXpm/dist/tap-driver.sh | 651 +
external/mit/libXpm/dist/test-driver | 148 +
external/mit/libXpm/dist/test/CompareXpmImage.h | 61 +
external/mit/libXpm/dist/test/Makefile.am | 99 +
external/mit/libXpm/dist/test/Makefile.in | 1144 +
external/mit/libXpm/dist/test/TestAllFiles.h | 160 +
external/mit/libXpm/dist/test/XpmCreate.c | 129 +
external/mit/libXpm/dist/test/XpmMisc.c | 91 +
external/mit/libXpm/dist/test/XpmRead.c | 195 +
external/mit/libXpm/dist/test/XpmWrite.c | 321 +
external/mit/libXpm/dist/test/pixmaps/good/BlueCurves.xpm | 122 +
external/mit/libXpm/dist/test/pixmaps/good/Dimple.xpm | 79 +
external/mit/libXpm/dist/test/pixmaps/good/Dolphins.xpm | 94 +
external/mit/libXpm/dist/test/pixmaps/good/Miniweave.xpm | 63 +
external/mit/libXpm/dist/test/pixmaps/good/Squares.xpm | 62 +
external/mit/libXpm/dist/test/pixmaps/good/Swirl.xpm | 62 +
external/mit/libXpm/dist/test/pixmaps/good/Utah-teapot.xpm | 407 +
external/mit/libXpm/dist/test/pixmaps/good/chromesphere.xpm | 362 +
external/mit/libXpm/dist/test/pixmaps/good/plaid-lisp.xpm | 39 +
external/mit/libXpm/dist/test/pixmaps/good/plaid-v1.xpm | 37 +
external/mit/libXpm/dist/test/pixmaps/good/plaid-v2.xpm | 30 +
external/mit/libXpm/dist/test/pixmaps/good/plaid-v3.xpm | 39 +
external/mit/libXpm/dist/test/pixmaps/good/xorg-bw.xpm | 264 +
external/mit/libXpm/dist/test/pixmaps/good/xorg.xpm | 701 +
external/mit/libXpm/dist/test/pixmaps/invalid/CVE-2016-10164-poc.xpm.gz.gz.gz | Bin
external/mit/libXpm/dist/test/pixmaps/invalid/doom.xpm | 8 +
external/mit/libXpm/dist/test/pixmaps/invalid/doom2.xpm | 11 +
external/mit/libXpm/dist/test/pixmaps/invalid/invalid-type.xpm | 34 +
external/mit/libXpm/dist/test/pixmaps/invalid/no-contents.xpm | 2 +
external/mit/libXpm/dist/test/pixmaps/invalid/unending-comment-c.xpm | 30 +
external/mit/libXpm/dist/test/pixmaps/invalid/zero-width-v1.xpm | 37 +
external/mit/libXpm/dist/test/pixmaps/invalid/zero-width.xpm | 35 +
external/mit/libXpm/dist/test/pixmaps/no-mem/oversize.xpm | 39 +
external/mit/libXpm/dist/test/tap-test | 2 +
74 files changed, 16768 insertions(+), 11699 deletions(-)
diffs (truncated from 37715 to 300 lines):
diff -r 184db65bd576 -r 5176055ebd8b external/mit/libXpm/dist/COPYING
--- a/external/mit/libXpm/dist/COPYING Tue Jan 17 05:37:05 2023 +0000
+++ b/external/mit/libXpm/dist/COPYING Thu Jan 19 05:12:22 2023 +0000
@@ -68,3 +68,23 @@
in this Software without prior written authorization from Lorens Younes.
+Copyright (c) 2023, Oracle and/or its affiliates.
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the "Software"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice (including the next
+paragraph) shall be included in all copies or substantial portions of the
+Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
diff -r 184db65bd576 -r 5176055ebd8b external/mit/libXpm/dist/ChangeLog
--- a/external/mit/libXpm/dist/ChangeLog Tue Jan 17 05:37:05 2023 +0000
+++ b/external/mit/libXpm/dist/ChangeLog Thu Jan 19 05:12:22 2023 +0000
@@ -1,3 +1,185 @@
+commit ddd8339e262cbb7b25993599299ad40e0c95ccf6
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Tue Jan 17 08:19:26 2023 -0800
+
+ libXpm 3.5.15
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit 8178eb0834d82242e1edbc7d4fb0d1b397569c68
+Author: Peter Hutterer <peter.hutterer%who-t.net@localhost>
+Date: Mon Jan 16 19:44:52 2023 +1000
+
+ Use gzip -d instead of gunzip
+
+ GNU gunzip [1] is a shell script that exec's `gzip -d`. Even if we call
+ /usr/bin/gunzip with the correct built-in path, the actual gzip call
+ will use whichever gzip it finds first, making our patch pointless.
+
+ Fix this by explicitly calling gzip -d instead.
+
+ https://git.savannah.gnu.org/cgit/gzip.git/tree/gunzip.in
+
+ [Part of the fix for CVE-2022-4883]
+ Signed-off-by: Peter Hutterer <peter.hutterer%who-t.net@localhost>
+
+commit c5ab17bcc34914c0b0707d2135dbebe9a367c5f0
+Author: Matthieu Herrb <matthieu%herrb.eu@localhost>
+Date: Thu Jan 12 15:05:39 2023 +1000
+
+ Prevent a double free in the error code path
+
+ xpmParseDataAndCreate() calls XDestroyImage() in the error path.
+ Reproducible with sxpm "zero-width.xpm", that file is in the test/
+ directory.
+
+ The same approach is needed in the bytes_per_line == 0 condition though
+ here it just plugs a memory leak.
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit 515294bb8023a45ff916696d0a14308ff4f3a376
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Fri Jan 6 12:50:48 2023 -0800
+
+ Fix CVE-2022-4883: compression commands depend on $PATH
+
+ By default, on all platforms except MinGW, libXpm will detect if a
+ filename ends in .Z or .gz, and will when reading such a file fork off
+ an uncompress or gunzip command to read from via a pipe, and when
+ writing such a file will fork off a compress or gzip command to write
+ to via a pipe.
+
+ In libXpm 3.5.14 or older these are run via execlp(), relying on $PATH
+ to find the commands. If libXpm is called from a program running with
+ raised privileges, such as via setuid, then a malicious user could set
+ $PATH to include programs of their choosing to be run with those
+ privileges.
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit f80fa6ae47ad4a5beacb287c0030c9913b046643
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Sat Jan 7 12:44:28 2023 -0800
+
+ Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height
+
+ When reading XPM images from a file with libXpm 3.5.14 or older, if a
+ image has a width of 0 and a very large height, the ParsePixels() function
+ will loop over the entire height calling getc() and ungetc() repeatedly,
+ or in some circumstances, may loop seemingly forever, which may cause a
+ denial of service to the calling program when given a small crafted XPM
+ file to parse.
+
+ Closes: #2
+
+ Reported-by: Martin Ettl <ettl.martin78%googlemail.com@localhost>
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit f7fbbb92f6d383b21dd1587c3703a5de37c625b5
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Tue Jan 3 17:23:58 2023 -0800
+
+ test: add test cases for CVE-2022-44617 (zero-width w/enormous height)
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit a3a7c6dcc3b629d765014816c566c63165c63ca8
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Sat Dec 17 12:23:45 2022 -0800
+
+ Fix CVE-2022-46285: Infinite loop on unclosed comments
+
+ When reading XPM images from a file with libXpm 3.5.14 or older, if a
+ comment in the file is not closed (i.e. a C-style comment starts with
+ "/*" and is missing the closing "*/"), the ParseComment() function will
+ loop forever calling getc() to try to read the rest of the comment,
+ failing to notice that it has returned EOF, which may cause a denial of
+ service to the calling program.
+
+ Reported-by: Marco Ivaldi <raptor%0xdeadbeef.info@localhost>
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit f7a167a48a950b89b91f5123a0ec8d9a7cb97495
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Sat Dec 17 12:18:24 2022 -0800
+
+ test: add test case for CVE-2022-46285 (unclosed comments)
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit 0ff2c6af823ce7712c06150c43c9b403846a035f
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Sat Jan 7 15:43:20 2023 -0800
+
+ cxpm: getc/ungetc wrappers should not adjust position when c == EOF
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit 501494c6c68a84114fdd0b44d4b67ef9cde776c9
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Sat Jan 7 13:39:56 2023 -0800
+
+ test: Add unit tests using glib framework
+
+ Includes rudimentary tests for XpmReadFileToXpmImage, XpmReadFileToData,
+ XpmReadFileToBuffer, XpmCreateXpmImageFromData, XpmCreateXpmImageFromBuffer,
+ XpmWriteFileFromXpmImage, XpmWriteFileFromData, XpmWriteFileFromBuffer,
+ XpmAttributesSize, XpmGetErrorString, XpmLibraryVersion
+
+ Includes test cases for CVE-2004-0687
+
+ Tests .Z and .gz files if --enable-open-zfile is active
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit 4841039e5385f264d12757903894f47c64f59361
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Thu Jan 5 15:42:36 2023 -0800
+
+ configure: add --disable-open-zfile instead of requiring -DNO_ZPIPE
+
+ Documents the two compression options in the README, makes their
+ configure options reflect the interdependency of their implementation,
+ and makes the configure script report their configuration.
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit aef0c8dd129838ac35b3cf8a7cdf04c7fd67dff1
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Sun Jan 1 14:19:17 2023 -0800
+
+ man pages: Apply standard man page style/formatting
+
+ Function & macro names in bold, argument names in italics.
+
+ In the man page body, bold function names followed by plain ()
+ for functions defined in this page, plain (3) for functions defined
+ in other man pages.
+
+ New paragraphs start with .PP, not just a blank line.
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit 5d55a0be3f8a8d3e53c65c286878fc3224fce135
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Sun Jan 1 10:48:01 2023 -0800
+
+ man pages: Replace "See Also" entries with more useful ones
+
+ "See Also" entries in man pages should list other man pages to
+ look at, not the alternate names for the current man page.
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+commit 392cb8fb444ae632176829076f412cb4029dbdbc
+Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+Date: Sun Jan 1 10:21:38 2023 -0800
+
+ man pages: Fix typos and other minor editing
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
commit 08bc174f28af028b6ebaa9edeccd3ff56c396e92
Author: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
Date: Sat Nov 19 12:23:53 2022 -0800
diff -r 184db65bd576 -r 5176055ebd8b external/mit/libXpm/dist/Makefile.am
--- a/external/mit/libXpm/dist/Makefile.am Tue Jan 17 05:37:05 2023 +0000
+++ b/external/mit/libXpm/dist/Makefile.am Thu Jan 19 05:12:22 2023 +0000
@@ -1,7 +1,7 @@
# Daniel Stone disowns all copyright on this file; no warranty is given as to its
# suitability or otherwise.
-SUBDIRS = doc include man src sxpm cxpm
+SUBDIRS = doc include man src sxpm cxpm test
ACLOCAL_AMFLAGS = -I m4
diff -r 184db65bd576 -r 5176055ebd8b external/mit/libXpm/dist/Makefile.in
--- a/external/mit/libXpm/dist/Makefile.in Tue Jan 17 05:37:05 2023 +0000
+++ b/external/mit/libXpm/dist/Makefile.in Thu Jan 19 05:12:22 2023 +0000
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.5 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2021 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -170,9 +170,9 @@
$(RECURSIVE_CLEAN_TARGETS) \
$(am__extra_recursive_targets)
AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
- cscope distdir distdir-am dist dist-all distcheck
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) \
- config.h.in
+ cscope distdir dist dist-all distcheck
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \
+ $(LISP)config.h.in
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
# *not* preserved.
@@ -189,11 +189,14 @@
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+CSCOPE = cscope
DIST_SUBDIRS = $(SUBDIRS)
am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in \
- $(srcdir)/xpm.pc.in AUTHORS COPYING ChangeLog INSTALL \
- README.md compile config.guess config.sub install-sh ltmain.sh \
- missing
+ $(srcdir)/xpm.pc.in AUTHORS COPYING ChangeLog INSTALL compile \
+ config.guess config.sub install-sh ltmain.sh missing \
+ tap-driver.sh
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
@@ -232,8 +235,6 @@
DIST_ARCHIVES = $(distdir).tar.gz $(distdir).tar.xz
GZIP_ENV = --best
DIST_TARGETS = dist-xz dist-gzip
-# Exists only to be overridden by the user if desired.
-AM_DISTCHECK_DVI_TARGET = dvi
distuninstallcheck_listfiles = find . -type f -print
am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
| sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
@@ -255,9 +256,8 @@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CHANGELOG_CMD = @CHANGELOG_CMD@
+CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
-CSCOPE = @CSCOPE@
-CTAGS = @CTAGS@
CWARNFLAGS = @CWARNFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
@@ -271,12 +271,12 @@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
-ETAGS = @ETAGS@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
-FILECMD = @FILECMD@
Home |
Main Index |
Thread Index |
Old Index