authorCoprDistGit <infra@openeuler.org>2024-08-06 02:20:50 +0000
committerCoprDistGit <infra@openeuler.org>2024-08-06 02:20:50 +0000
commite59aafdde26bae7ba753b5276bdfb4a3814df7fc (patch)
tree60318a47fd41bb2602a37a25ebb55f4a2bad1eae
parent4938be216836b159a90d6725a7fcdfce5fa88afa (diff)
automatic import of libXpmopeneuler24.03_LTS
-rw-r--r--.gitignore1
-rw-r--r--0001-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch37
-rw-r--r--0002-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch151
-rw-r--r--0003-Prevent-a-double-free-in-the-error-code-path.patch39
-rw-r--r--0004-configure-add-disable-open-zfile-instead-of-requirin.patch95
-rw-r--r--0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch144
-rw-r--r--0006-Use-gzip-d-instead-of-gunzip.patch68
-rw-r--r--libXpm.spec164
-rw-r--r--sources1
9 files changed, 700 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index e69de29..9d22e56 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/libXpm-3.5.13.tar.bz2
diff --git a/0001-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch b/0001-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch
new file mode 100644
index 0000000..30cf7f7
--- /dev/null
+++ b/0001-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch
@@ -0,0 +1,37 @@
+From c6cd85b7d0a725552a7277748504a33f0fc3e121 Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Sat, 17 Dec 2022 12:23:45 -0800
+Subject: [PATCH libXpm 1/6] Fix CVE-2022-46285: Infinite loop on unclosed
+ comments
+
+When reading XPM images from a file with libXpm 3.5.14 or older, if a
+comment in the file is not closed (i.e. a C-style comment starts with
+"/*" and is missing the closing "*/"), the ParseComment() function will
+loop forever calling getc() to try to read the rest of the comment,
+failing to notice that it has returned EOF, which may cause a denial of
+service to the calling program.
+
+Reported-by: Marco Ivaldi <raptor@0xdeadbeef.info>
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ src/data.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/data.c b/src/data.c
+index 898889c..bfad4ff 100644
+--- a/src/data.c
++++ b/src/data.c
+@@ -174,6 +174,10 @@ ParseComment(xpmData *data)
+ notend = 0;
+ Ungetc(data, *s, file);
+ }
++ else if (c == EOF) {
++ /* hit end of file before the end of the comment */
++ return XpmFileInvalid;
++ }
+ }
+ return 0;
+ }
+--
+2.39.0
+
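Review bot: The new `else if (c == EOF)` branch returns XpmFileInvalid, but that value appears to be discarded by the callers: both `ParseComment(data);` call sites visible in patch 0002's xpmNextString hunk ignore the result, so a truncated comment is reported only if the enclosing loop happens to test EOF itself and the caller still returns XpmSuccess. Propagating it is a one-liner at each site, `if (ParseComment(data)) return XpmFileInvalid;` (ParseComment returns 0 on success, per the `return 0;` at the end of the hunk). ParseComment begins before this hunk, so confirm `c` there is declared `int`, not `char`, or the comparison with EOF is unreliable on platforms where char is unsigned (e.g. aarch64).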
diff --git a/0002-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch b/0002-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch
new file mode 100644
index 0000000..b46b42a
--- /dev/null
+++ b/0002-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch
@@ -0,0 +1,151 @@
+From 0a1959b3b061d2e6d0a512e83035d84e5828f388 Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Sat, 7 Jan 2023 12:44:28 -0800
+Subject: [PATCH libXpm 2/6] Fix CVE-2022-44617: Runaway loop with width of 0
+ and enormous height
+
+When reading XPM images from a file with libXpm 3.5.14 or older, if a
+image has a width of 0 and a very large height, the ParsePixels() function
+will loop over the entire height calling getc() and ungetc() repeatedly,
+or in some circumstances, may loop seemingly forever, which may cause a
+denial of service to the calling program when given a small crafted XPM
+file to parse.
+
+Closes: #2
+
+Reported-by: Martin Ettl <ettl.martin78@googlemail.com>
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ src/data.c | 20 ++++++++++++++------
+ src/parse.c | 31 +++++++++++++++++++++++++++----
+ 2 files changed, 41 insertions(+), 10 deletions(-)
+
+diff --git a/src/data.c b/src/data.c
+index bfad4ff..7524e65 100644
+--- a/src/data.c
++++ b/src/data.c
+@@ -195,19 +195,23 @@ xpmNextString(xpmData *data)
+ register char c;
+
+ /* get to the end of the current string */
+- if (data->Eos)
+- while ((c = *data->cptr++) && c != data->Eos);
++ if (data->Eos) {
++ while ((c = *data->cptr++) && c != data->Eos && c != '\0');
++
++ if (c == '\0')
++ return XpmFileInvalid;
++ }
+
+ /*
+ * then get to the beginning of the next string looking for possible
+ * comment
+ */
+ if (data->Bos) {
+- while ((c = *data->cptr++) && c != data->Bos)
++ while ((c = *data->cptr++) && c != data->Bos && c != '\0')
+ if (data->Bcmt && c == data->Bcmt[0])
+ ParseComment(data);
+ } else if (data->Bcmt) { /* XPM2 natural */
+- while ((c = *data->cptr++) == data->Bcmt[0])
++ while (((c = *data->cptr++) == data->Bcmt[0]) && c != '\0')
+ ParseComment(data);
+ data->cptr--;
+ }
+@@ -216,9 +220,13 @@ xpmNextString(xpmData *data)
+ FILE *file = data->stream.file;
+
+ /* get to the end of the current string */
+- if (data->Eos)
++ if (data->Eos) {
+ while ((c = Getc(data, file)) != data->Eos && c != EOF);
+
++ if (c == EOF)
++ return XpmFileInvalid;
++ }
++
+ /*
+ * then get to the beginning of the next string looking for possible
+ * comment
+@@ -234,7 +242,7 @@ xpmNextString(xpmData *data)
+ Ungetc(data, c, file);
+ }
+ }
+- return 0;
++ return XpmSuccess;
+ }
+
+
+diff --git a/src/parse.c b/src/parse.c
+index 613529e..606789d 100644
+--- a/src/parse.c
++++ b/src/parse.c
+@@ -427,6 +427,13 @@ ParsePixels(
+ {
+ unsigned int *iptr, *iptr2 = NULL; /* found by Egbert Eich */
+ unsigned int a, x, y;
++ int ErrorStatus;
++
++ if ((width == 0) && (height != 0))
++ return (XpmFileInvalid);
++
++ if ((height == 0) && (width != 0))
++ return (XpmFileInvalid);
+
+ if ((height > 0 && width >= UINT_MAX / height) ||
+ width * height >= UINT_MAX / sizeof(unsigned int))
+@@ -464,7 +471,11 @@ ParsePixels(
+ colidx[(unsigned char)colorTable[a].string[0]] = a + 1;
+
+ for (y = 0; y < height; y++) {
+- xpmNextString(data);
++ ErrorStatus = xpmNextString(data);
++ if (ErrorStatus != XpmSuccess) {
++ XpmFree(iptr2);
++ return (ErrorStatus);
++ }
+ for (x = 0; x < width; x++, iptr++) {
+ int c = xpmGetC(data);
+
+@@ -511,7 +522,11 @@ do \
+ }
+
+ for (y = 0; y < height; y++) {
+- xpmNextString(data);
++ ErrorStatus = xpmNextString(data);
++ if (ErrorStatus != XpmSuccess) {
++ XpmFree(iptr2);
++ return (ErrorStatus);
++ }
+ for (x = 0; x < width; x++, iptr++) {
+ int cc1 = xpmGetC(data);
+ if (cc1 > 0 && cc1 < 256) {
+@@ -551,7 +566,11 @@ do \
+ xpmHashAtom *slot;
+
+ for (y = 0; y < height; y++) {
+- xpmNextString(data);
++ ErrorStatus = xpmNextString(data);
++ if (ErrorStatus != XpmSuccess) {
++ XpmFree(iptr2);
++ return (ErrorStatus);
++ }
+ for (x = 0; x < width; x++, iptr++) {
+ for (a = 0, s = buf; a < cpp; a++, s++) {
+ int c = xpmGetC(data);
+@@ -571,7 +590,11 @@ do \
+ }
+ } else {
+ for (y = 0; y < height; y++) {
+- xpmNextString(data);
++ ErrorStatus = xpmNextString(data);
++ if (ErrorStatus != XpmSuccess) {
++ XpmFree(iptr2);
++ return (ErrorStatus);
++ }
+ for (x = 0; x < width; x++, iptr++) {
+ for (a = 0, s = buf; a < cpp; a++, s++) {
+ int c = xpmGetC(data);
+--
+2.39.0
+
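Review bot: In the XPMBUFFER branch of xpmNextString the Eos loop now returns XpmFileInvalid when it runs off the string terminator, but the Bos loop a few lines below, `while ((c = *data->cptr++) && c != data->Bos && c != '\0')`, stops on the same condition and falls through to `return XpmSuccess` with `cptr` already advanced past the NUL; the next xpmGetC in ParsePixels would presumably read beyond the buffer. Add the same guard after that loop, `if (c == '\0') return XpmFileInvalid;`, and note that the added `&& c != '\0'` operands are redundant with the first operand `(c = *data->cptr++)`, which already stops on NUL. The file-stream Bos/Bcmt loop lies outside the second data.c hunk and deserves the same check; xpmNextString and ParsePixels both extend beyond the hunks shown.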
diff --git a/0003-Prevent-a-double-free-in-the-error-code-path.patch b/0003-Prevent-a-double-free-in-the-error-code-path.patch
new file mode 100644
index 0000000..92c25d6
--- /dev/null
+++ b/0003-Prevent-a-double-free-in-the-error-code-path.patch
@@ -0,0 +1,39 @@
+From ad5a88046266478c2c9600f6d8a11ab707cb4c7e Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@herrb.eu>
+Date: Thu, 12 Jan 2023 15:05:39 +1000
+Subject: [PATCH libXpm 3/6] Prevent a double free in the error code path
+
+xpmParseDataAndCreate() calls XDestroyImage() in the error path.
+Reproducible with sxpm "zero-width.xpm", that file is in the test/
+directory.
+
+The same approach is needed in the bytes_per_line == 0 condition though
+here it just plugs a memory leak.
+---
+ src/create.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/create.c b/src/create.c
+index a750846..0f3735c 100644
+--- a/src/create.c
++++ b/src/create.c
+@@ -994,11 +994,15 @@ CreateXImage(
+ #if !defined(FOR_MSW) && !defined(AMIGA)
+ if (height != 0 && (*image_return)->bytes_per_line >= INT_MAX / height) {
+ XDestroyImage(*image_return);
++ *image_return = NULL;
+ return XpmNoMemory;
+ }
+ /* now that bytes_per_line must have been set properly alloc data */
+- if((*image_return)->bytes_per_line == 0 || height == 0)
++ if((*image_return)->bytes_per_line == 0 || height == 0) {
++ XDestroyImage(*image_return);
++ *image_return = NULL;
+ return XpmNoMemory;
++ }
+ (*image_return)->data =
+ (char *) XpmMalloc((*image_return)->bytes_per_line * height);
+
+--
+2.39.0
+
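Review bot: The new `XDestroyImage(*image_return); *image_return = NULL;` pair is the right fix for the double free, but the `XpmMalloc((*image_return)->bytes_per_line * height)` on the last lines of the hunk can fail too, and its error handling is outside the hunk; confirm it performs the same destroy-and-NULL cleanup, or the caller's error path may free the image a second time there as well. Returning XpmNoMemory for a zero-width or zero-height image (a malformed file, not an allocation failure) is pre-existing, but a brief comment such as `/* zero-sized image: nothing to allocate, treat as failure */` would save the next reader from looking for a leak. CreateXImage continues beyond the hunk.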
diff --git a/0004-configure-add-disable-open-zfile-instead-of-requirin.patch b/0004-configure-add-disable-open-zfile-instead-of-requirin.patch
new file mode 100644
index 0000000..06f91b4
--- /dev/null
+++ b/0004-configure-add-disable-open-zfile-instead-of-requirin.patch
@@ -0,0 +1,95 @@
+From 6fd1ea0d559a433aecccb21b63e91776e05a0831 Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Thu, 5 Jan 2023 15:42:36 -0800
+Subject: [PATCH libXpm 4/6] configure: add --disable-open-zfile instead of
+ requiring -DNO_ZPIPE
+
+Documents the two compression options in the README, makes their
+configure options reflect the interdependency of their implementation,
+and makes the configure script report their configuration.
+
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ README.md | 15 +++++++++++++++
+ configure.ac | 36 +++++++++++++++++++++++-------------
+ 2 files changed, 38 insertions(+), 13 deletions(-)
+
+diff --git a/README.md b/README.md
+index f661e15..f3f4c93 100644
+--- a/README.md
++++ b/README.md
+@@ -16,3 +16,18 @@ For patch submission instructions, see:
+
+ https://www.x.org/wiki/Development/Documentation/SubmittingPatches
+
++------------------------------------------------------------------------------
++
++libXpm supports two optional features to handle compressed pixmap files.
++
++--enable-open-zfile makes libXpm recognize file names ending in .Z and .gz
++and open a pipe to the appropriate command to compress the file when writing
++and uncompress the file when reading. This is enabled by default on platforms
++other than MinGW and can be disabled by passing the --disable-open-zfile flag
++to the configure script.
++
++--enable-stat-zfile make libXpm search for a file name with .Z or .gz added
++if it can't find the file it was asked to open. It relies on the
++--enable-open-zfile feature to open the file, and is enabled by default
++when --enable-open-zfile is enabled, and can be disabled by passing the
++--disable-stat-zfile flag to the configure script.
+diff --git a/configure.ac b/configure.ac
+index 365544b..85e2c73 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -49,25 +49,35 @@ if test "x$USE_GETTEXT" = "xyes" ; then
+ fi
+ AM_CONDITIONAL(USE_GETTEXT, test "x$USE_GETTEXT" = "xyes")
+
++# Optional feature: When a filename ending in .Z or .gz is requested,
++# open a pipe to a newly forked compress/uncompress/gzip/gunzip command to
++# handle it.
++AC_MSG_CHECKING([whether to handle compressed pixmaps])
++case $host_os in
++ *mingw*) zpipe_default="no" ;;
++ *) zpipe_default="yes" ;;
++esac
++AC_ARG_ENABLE(open-zfile,
++ AS_HELP_STRING([--enable-open-zfile],
++ [Search for files with .Z & .gz extensions automatically @<:@default=auto@:>@]),
++ [OPEN_ZFILE=$enableval], [OPEN_ZFILE=yes])
++AC_MSG_RESULT([$OPEN_ZFILE])
++if test x$OPEN_ZFILE = xno ; then
++ AC_DEFINE(NO_ZPIPE, 1, [Define to 1 to disable decompression via pipes])
++fi
++
+ # Optional feature: When ___.xpm is requested, also look for ___.xpm.Z & .gz
+ # Replaces ZFILEDEF = -DSTAT_ZFILE in old Imakefile
++AC_MSG_CHECKING([whether to search for compressed pixmaps])
+ AC_ARG_ENABLE(stat-zfile,
+- AS_HELP_STRING([--enable-stat-zfile],
+- [Search for files with .Z & .gz extensions automatically @<:@default=yes@:>@]),
+- [STAT_ZFILE=$enableval], [STAT_ZFILE=yes])
++ AS_HELP_STRING([--enable-stat-zfile],
++ [Search for files with .Z & .gz extensions automatically @<:@default=auto@:>@]),
++ [STAT_ZFILE=$enableval], [STAT_ZFILE=$OPEN_ZFILE])
++AC_MSG_RESULT([$STAT_ZFILE])
+ if test x$STAT_ZFILE = xyes ; then
+- AC_DEFINE(STAT_ZFILE, 1, [Define to 1 to automatically look for files with .Z & .gz extensions])
++ AC_DEFINE(STAT_ZFILE, 1, [Define to 1 to automatically look for files with .Z & .gz extensions])
+ fi
+
+-
+-case $host_os in
+- *mingw*)
+- AC_DEFINE(NO_ZPIPE, 1, [Define to 1 to disable decompression via pipes])
+- ;;
+- *)
+- ;;
+-esac
+-
+ AC_CONFIG_FILES([Makefile
+ doc/Makefile
+ include/Makefile
+--
+2.39.0
+
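Review bot: `zpipe_default` is computed in the `case $host_os` block but never used: the AC_ARG_ENABLE default is the literal `[OPEN_ZFILE=yes]`, so MinGW builds now default to pipe-based (un)compression even though the old unconditional `AC_DEFINE(NO_ZPIPE, 1, ...)` for `*mingw*` is removed in the same hunk and the README text just added says it is disabled there. Use `[OPEN_ZFILE=$enableval], [OPEN_ZFILE=$zpipe_default])` so the default matches the documentation. The help string for `--enable-open-zfile` is also copied from stat-zfile ("Search for files with .Z & .gz extensions automatically"); something like `[Open a pipe to compress/uncompress when reading or writing .Z & .gz files @<:@default=auto@:>@]` describes what the option actually controls.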
diff --git a/0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch b/0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch
new file mode 100644
index 0000000..7ba81de
--- /dev/null
+++ b/0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch
@@ -0,0 +1,144 @@
+From cdbc3fa8edc5b42391a5f2bfe1a8f6099929acf7 Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Fri, 6 Jan 2023 12:50:48 -0800
+Subject: [PATCH libXpm 5/6] Fix CVE-2022-4883: compression commands depend on
+ $PATH
+
+By default, on all platforms except MinGW, libXpm will detect if a
+filename ends in .Z or .gz, and will when reading such a file fork off
+an uncompress or gunzip command to read from via a pipe, and when
+writing such a file will fork off a compress or gzip command to write
+to via a pipe.
+
+In libXpm 3.5.14 or older these are run via execlp(), relying on $PATH
+to find the commands. If libXpm is called from a program running with
+raised privileges, such as via setuid, then a malicious user could set
+$PATH to include programs of their choosing to be run with those
+privileges.
+
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ README.md | 12 ++++++++++++
+ configure.ac | 14 ++++++++++++++
+ src/RdFToI.c | 17 ++++++++++++++---
+ src/WrFFrI.c | 4 ++--
+ 4 files changed, 42 insertions(+), 5 deletions(-)
+
+diff --git a/README.md b/README.md
+index f3f4c93..0b1c886 100644
+--- a/README.md
++++ b/README.md
+@@ -31,3 +31,15 @@ if it can't find the file it was asked to open. It relies on the
+ --enable-open-zfile feature to open the file, and is enabled by default
+ when --enable-open-zfile is enabled, and can be disabled by passing the
+ --disable-stat-zfile flag to the configure script.
++
++All of these commands will be executed with whatever userid & privileges the
++function is called with, relying on the caller to ensure the correct euid,
++egid, etc. are set before calling.
++
++To reduce risk, the paths to these commands are now set at configure time to
++the first version found in the PATH used to run configure, and do not depend
++on the PATH environment variable set at runtime.
++
++To specify paths to be used for these commands instead of searching $PATH, pass
++the XPM_PATH_COMPRESS, XPM_PATH_UNCOMPRESS, XPM_PATH_GZIP, and XPM_PATH_GUNZIP
++variables to the configure command.
+diff --git a/configure.ac b/configure.ac
+index 85e2c73..4fc370d 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -49,6 +49,14 @@ if test "x$USE_GETTEXT" = "xyes" ; then
+ fi
+ AM_CONDITIONAL(USE_GETTEXT, test "x$USE_GETTEXT" = "xyes")
+
++dnl Helper macro to find absolute path to program and add a #define for it
++AC_DEFUN([XPM_PATH_PROG],[
++AC_PATH_PROG([$1], [$2], [])
++AS_IF([test "x$$1" = "x"],
++ [AC_MSG_ERROR([$2 not found, set $1 or use --disable-stat-zfile])])
++AC_DEFINE_UNQUOTED([$1], ["$$1"], [Path to $2])
++]) dnl End of AC_DEFUN([XPM_PATH_PROG]...
++
+ # Optional feature: When a filename ending in .Z or .gz is requested,
+ # open a pipe to a newly forked compress/uncompress/gzip/gunzip command to
+ # handle it.
+@@ -64,6 +72,12 @@ AC_ARG_ENABLE(open-zfile,
+ AC_MSG_RESULT([$OPEN_ZFILE])
+ if test x$OPEN_ZFILE = xno ; then
+ AC_DEFINE(NO_ZPIPE, 1, [Define to 1 to disable decompression via pipes])
++else
++ XPM_PATH_PROG([XPM_PATH_COMPRESS], [compress])
++ XPM_PATH_PROG([XPM_PATH_UNCOMPRESS], [uncompress])
++ XPM_PATH_PROG([XPM_PATH_GZIP], [gzip])
++ XPM_PATH_PROG([XPM_PATH_GUNZIP], [gunzip])
++ AC_CHECK_FUNCS([closefrom close_range], [break])
+ fi
+
+ # Optional feature: When ___.xpm is requested, also look for ___.xpm.Z & .gz
+diff --git a/src/RdFToI.c b/src/RdFToI.c
+index bd09611..a91d337 100644
+--- a/src/RdFToI.c
++++ b/src/RdFToI.c
+@@ -43,6 +43,7 @@
+ #include <errno.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
++#include <unistd.h>
+ #else
+ #ifdef FOR_MSW
+ #include <fcntl.h>
+@@ -161,7 +162,17 @@ xpmPipeThrough(
+ goto err;
+ if ( 0 == pid )
+ {
+- execlp(cmd, cmd, arg1, (char *)NULL);
++#ifdef HAVE_CLOSEFROM
++ closefrom(3);
++#elif defined(HAVE_CLOSE_RANGE)
++# ifdef CLOSE_RANGE_UNSHARE
++# define close_range_flags CLOSE_RANGE_UNSHARE
++# else
++# define close_range_flags 0
++#endif
++ close_range(3, ~0U, close_range_flags);
++#endif
++ execl(cmd, cmd, arg1, (char *)NULL);
+ perror(cmd);
+ goto err;
+ }
+@@ -235,12 +246,12 @@ OpenReadFile(
+ if ( ext && !strcmp(ext, ".Z") )
+ {
+ mdata->type = XPMPIPE;
+- mdata->stream.file = xpmPipeThrough(fd, "uncompress", "-c", "r");
++ mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_UNCOMPRESS, "-c", "r");
+ }
+ else if ( ext && !strcmp(ext, ".gz") )
+ {
+ mdata->type = XPMPIPE;
+- mdata->stream.file = xpmPipeThrough(fd, "gunzip", "-qc", "r");
++ mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_GUNZIP, "-qc", "r");
+ }
+ else
+ #endif /* z-files */
+diff --git a/src/WrFFrI.c b/src/WrFFrI.c
+index 328c987..d59098f 100644
+--- a/src/WrFFrI.c
++++ b/src/WrFFrI.c
+@@ -342,10 +342,10 @@ OpenWriteFile(
+ #ifndef NO_ZPIPE
+ len = strlen(filename);
+ if (len > 2 && !strcmp(".Z", filename + (len - 2))) {
+- mdata->stream.file = xpmPipeThrough(fd, "compress", NULL, "w");
++ mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_COMPRESS, NULL, "w");
+ mdata->type = XPMPIPE;
+ } else if (len > 3 && !strcmp(".gz", filename + (len - 3))) {
+- mdata->stream.file = xpmPipeThrough(fd, "gzip", "-q", "w");
++ mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_GZIP, "-q", "w");
+ mdata->type = XPMPIPE;
+ } else
+ #endif
+--
+2.39.0
+
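Review bot: If the new `execl(cmd, cmd, arg1, (char *)NULL)` fails in the child (e.g. the configure-time path no longer exists at runtime), the following `perror(cmd); goto err;` runs the parent's error path inside the forked child, which then returns into the caller and continues as a second copy of the program; the child should terminate instead, `_exit(127);`. The `err:` label is outside the hunk, so I cannot see what it unwinds, but nothing there can make returning from a child correct. Separately, the error raised by XPM_PATH_PROG says "use --disable-stat-zfile", yet the macro is only invoked in the `else` branch of the OPEN_ZFILE test, so the actionable hint is `--disable-open-zfile`. The README addition correctly states the commands run with the caller's privileges; it is worth adding that setuid callers must still sanitize the rest of the environment, since `execl` passes it through unchanged.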
diff --git a/0006-Use-gzip-d-instead-of-gunzip.patch b/0006-Use-gzip-d-instead-of-gunzip.patch
new file mode 100644
index 0000000..ec399bc
--- /dev/null
+++ b/0006-Use-gzip-d-instead-of-gunzip.patch
@@ -0,0 +1,68 @@
+From 999005133c928c841e98600c00e12d4c05846c91 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Mon, 16 Jan 2023 19:44:52 +1000
+Subject: [PATCH libXpm 6/6] Use gzip -d instead of gunzip
+
+GNU gunzip [1] is a shell script that exec's `gzip -d`. Even if we call
+/usr/bin/gunzip with the correct built-in path, the actual gzip call
+will use whichever gzip it finds first, making our patch pointless.
+
+Fix this by explicitly calling gzip -d instead.
+
+[1] https://git.savannah.gnu.org/cgit/gzip.git/tree/gunzip.in
+
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+---
+ README.md | 2 +-
+ configure.ac | 3 +--
+ src/RdFToI.c | 2 +-
+ 3 files changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/README.md b/README.md
+index 0b1c886..d906954 100644
+--- a/README.md
++++ b/README.md
+@@ -41,5 +41,5 @@ the first version found in the PATH used to run configure, and do not depend
+ on the PATH environment variable set at runtime.
+
+ To specify paths to be used for these commands instead of searching $PATH, pass
+-the XPM_PATH_COMPRESS, XPM_PATH_UNCOMPRESS, XPM_PATH_GZIP, and XPM_PATH_GUNZIP
++the XPM_PATH_COMPRESS, XPM_PATH_UNCOMPRESS, and XPM_PATH_GZIP
+ variables to the configure command.
+diff --git a/configure.ac b/configure.ac
+index 4fc370d..5535998 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -58,7 +58,7 @@ AC_DEFINE_UNQUOTED([$1], ["$$1"], [Path to $2])
+ ]) dnl End of AC_DEFUN([XPM_PATH_PROG]...
+
+ # Optional feature: When a filename ending in .Z or .gz is requested,
+-# open a pipe to a newly forked compress/uncompress/gzip/gunzip command to
++# open a pipe to a newly forked compress/uncompress/gzip command to
+ # handle it.
+ AC_MSG_CHECKING([whether to handle compressed pixmaps])
+ case $host_os in
+@@ -76,7 +76,6 @@ else
+ XPM_PATH_PROG([XPM_PATH_COMPRESS], [compress])
+ XPM_PATH_PROG([XPM_PATH_UNCOMPRESS], [uncompress])
+ XPM_PATH_PROG([XPM_PATH_GZIP], [gzip])
+- XPM_PATH_PROG([XPM_PATH_GUNZIP], [gunzip])
+ AC_CHECK_FUNCS([closefrom close_range], [break])
+ fi
+
+diff --git a/src/RdFToI.c b/src/RdFToI.c
+index a91d337..141c485 100644
+--- a/src/RdFToI.c
++++ b/src/RdFToI.c
+@@ -251,7 +251,7 @@ OpenReadFile(
+ else if ( ext && !strcmp(ext, ".gz") )
+ {
+ mdata->type = XPMPIPE;
+- mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_GUNZIP, "-qc", "r");
++ mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_GZIP, "-dqc", "r");
+ }
+ else
+ #endif /* z-files */
+--
+2.39.0
+
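Review bot: The reasoning in this patch applies equally to `XPM_PATH_UNCOMPRESS` in the `.Z` branch just above the changed line: if `uncompress` on the build host is a wrapper script rather than a hard link to the compress binary, the configured absolute path still ends in a runtime PATH lookup. With ncompress, `uncompress` is normally the compress binary itself, so this is presumably fine on the openEuler build host, but using `XPM_PATH_COMPRESS` with `"-dc"` (if the installed compress accepts `-d`) would remove the dependence entirely and let the `XPM_PATH_UNCOMPRESS` probe be dropped like the gunzip one. OpenReadFile continues outside the hunk.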
diff --git a/libXpm.spec b/libXpm.spec
new file mode 100644
index 0000000..5f88dab
--- /dev/null
+++ b/libXpm.spec
@@ -0,0 +1,164 @@
+Summary: X.Org X11 libXpm runtime library
+Name: libXpm
+Version: 3.5.13
+Release: 8%{?dist}
+License: MIT
+URL: http://www.x.org
+
+Source0: https://www.x.org/pub/individual/lib/%{name}-%{version}.tar.bz2
+
+BuildRequires: xorg-x11-util-macros
+BuildRequires: autoconf automake libtool make
+BuildRequires: gettext
+BuildRequires: pkgconfig(xext) pkgconfig(xt) pkgconfig(xau)
+BuildRequires: ncompress gzip
+
+# CVE-2022-46285
+Patch0001: 0001-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch
+# CVE-2022-44617
+Patch0002: 0002-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch
+Patch0003: 0003-Prevent-a-double-free-in-the-error-code-path.patch
+# CVE-2022-4883
+Patch0004: 0004-configure-add-disable-open-zfile-instead-of-requirin.patch
+Patch0005: 0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch
+Patch0006: 0006-Use-gzip-d-instead-of-gunzip.patch
+
+%description
+X.Org X11 libXpm runtime library
+
+%package devel
+Summary: X.Org X11 libXpm development package
+Requires: %{name} = %{version}-%{release}
+
+%description devel
+X.Org X11 libXpm development package
+
+%prep
+%setup -q
+
+%patch0001 -p1
+%patch0002 -p1
+%patch0003 -p1
+%patch0004 -p1
+%patch0005 -p1
+%patch0006 -p1
+
+%build
+autoreconf -v --install --force
+%configure --disable-static
+make %{?_smp_mflags}
+
+%install
+rm -rf $RPM_BUILD_ROOT
+
+make install DESTDIR=$RPM_BUILD_ROOT
+
+# We intentionally don't ship *.la files
+rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
+
+%ldconfig_post
+%ldconfig_postun
+
+%files
+%doc AUTHORS COPYING ChangeLog
+%{_libdir}/libXpm.so.4
+%{_libdir}/libXpm.so.4.11.0
+
+%files devel
+%{_bindir}/cxpm
+%{_bindir}/sxpm
+%{_includedir}/X11/xpm.h
+%{_libdir}/libXpm.so
+%{_libdir}/pkgconfig/xpm.pc
+#%dir %{_mandir}/man1x
+%{_mandir}/man1/*.1*
+#%{_mandir}/man1/*.1x*
+
+%changelog
+* Mon Jan 16 2023 Peter Hutterer <peter.hutterer@redhat.com> - 3.5.13-8
+- Fix CVE-2022-46285: infinite loop on unclosed comments (#2160230)
+- Fix CVE-2022-44617: runaway loop with width of 0 (#2160232)
+- Fix CVE-2022-4883: compression depends on $PATH (#2160242)
+
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.5.13-7
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+ Related: rhbz#1991688
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.5.13-6
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.13-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Jan 05 2021 Peter Hutterer <peter.hutterer@redhat.com> 3.5.13-4
+- Add make to BuildRequires
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.13-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.13-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Fri Dec 13 2019 Peter Hutterer <peter.hutterer@redhat.com> 3.5.13-1
+- libXpm 3.5.13
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.12-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.12-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.12-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Thu Jul 05 2018 Adam Jackson <ajax@redhat.com> - 3.5.12-7
+- Drop useless %%defattr
+
+* Fri Jun 29 2018 Adam Jackson <ajax@redhat.com> - 3.5.12-6
+- Use ldconfig scriptlet macros
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.12-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.12-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.12-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.12-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Thu Jan 05 2017 Benjamin Tissoires <benjamin.tissoires@redhat.com> 3.5.12-1
+- libXpm 3.5.12
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.11-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5.11-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5.11-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5.11-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Wed Feb 12 2014 Adam Jackson <ajax@redhat.com> 3.5.11-1
+- libXpm 3.5.11
+- Drop pre-F18 changelog
+
+* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5.10-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Thu Mar 07 2013 Peter Hutterer <peter.hutterer@redhat.com> - 3.5.10-4
+- autoreconf for aarch64
+
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5.10-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5.10-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Thu Mar 08 2012 Adam Jackson <ajax@redhat.com> 3.5.10-1
+- libXpm 3.5.10
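Review bot: With patch 0005 applied, configure bakes the absolute paths of `compress`, `uncompress` and `gzip` found at build time into the library, so `BuildRequires: ncompress gzip` alone is not enough: the runtime package needs `Requires: gzip` and `Requires: ncompress` (or at least `Recommends:`), otherwise reading or writing `.Z`/`.gz` pixmaps on a minimal install fails at `execl` and, given the child's error path, misbehaves. The `#%dir %{_mandir}/man1x` and `#%{_mandir}/man1/*.1x*` lines are comments, but rpm still expands macros inside comments; either delete them or write `%%`. The %changelog also has no entry for this import, so the CVE backports are not recorded against the openEuler build.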
diff --git a/sources b/sources
new file mode 100644
index 0000000..5116a6a
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+6f0ecf8d103d528cfc803aa475137afa libXpm-3.5.13.tar.bz2