diff --git a/gpm-1.20.7-covscan.patch b/gpm-1.20.7-covscan.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f10e66ace5c74b3ead63cc9aac081eed2f8c36d9
--- /dev/null
+++ b/gpm-1.20.7-covscan.patch
@@ -0,0 +1,115 @@ +diff --git a/src/daemon/check_uniqueness.c b/src/daemon/check_uniqueness.c +index 4972413..d0eb4e4 100644 +--- a/src/daemon/check_uniqueness.c ++++ b/src/daemon/check_uniqueness.c +@@ -36,6 +36,7 @@ void check_uniqueness(void) + + if((fp = fopen(GPM_NODE_PID, "r")) != NULL) { + fscanf(fp, "%d", &old_pid); ++ fclose(fp); + if (kill(old_pid,0) == -1) { + gpm_report(GPM_PR_INFO,GPM_MESS_STALE_PID, GPM_NODE_PID); + unlink(GPM_NODE_PID); +diff --git a/src/lib/liblow.c b/src/lib/liblow.c +index 8b40b71..d197dae 100644 +--- a/src/lib/liblow.c ++++ b/src/lib/liblow.c +@@ -250,9 +250,9 @@ int Gpm_Open(Gpm_Connect *conn, int flag) + memcpy(tty, consolename, strlen(consolename)-1); + sprintf(&tty[strlen(consolename) - 1], "%i", flag); + } else if (flag==0) { /* use your current vc */ +- if (isatty(0)) tty = ttyname(0); /* stdin */ +- if (!tty && isatty(1)) tty = ttyname(1); /* stdout */ +- if (!tty && isatty(2)) tty = ttyname(2); /* stderr */ ++ if (isatty(0) && ttyname(0)) tty = strdup(ttyname(0)); /* stdin */ ++ if (!tty && isatty(1) && ttyname(1)) tty = strdup(ttyname(1)); /* stdout */ ++ if (!tty && isatty(2) && ttyname(2)) tty = strdup(ttyname(2)); /* stderr */ + if (tty == NULL) { + gpm_report(GPM_PR_ERR,"checking tty name failed"); + goto err; +@@ -373,10 +373,12 @@ int Gpm_Open(Gpm_Connect *conn, int flag) + #endif + + } ++ if (tty) free(tty); + return gpm_fd; + + /*....................................... Error: free all memory */ + err: ++ if (tty) free(tty); + if (gpm_is_disabled < 2) /* be quiet if no gpmctl socket found */ + gpm_report(GPM_PR_ERR,"Oh, oh, it's an error! possibly I die! "); + while(gpm_stack) { +diff --git a/src/lib/report-lib.c b/src/lib/report-lib.c +index 03230b4..ff74b8c 100644 +--- a/src/lib/report-lib.c ++++ b/src/lib/report-lib.c +@@ -63,5 +63,6 @@ void gpm_report(int line, const char *file, int stat, const char *text, ... 
) + fprintf(stderr,"\n"); + #endif + ++ va_end(ap); + if(stat == GPM_STAT_OOPS) exit(1); /* may a lib function call exit ???? */ + } +diff --git a/src/mice.c b/src/mice.c +index 6cbd491..090dfed 100644 +--- a/src/mice.c ++++ b/src/mice.c +@@ -905,7 +905,7 @@ static int M_wacom(Gpm_Event *state, unsigned char *data) + } else { /* Relative Mode */ + /* Treshold; if greather then treat tool as first time in proximity */ + if( abs(x-ox)>(wmaxx/wcmodell[WacomModell].treshold) +- || abs(y-oy)>(wmaxy/wcmodell[WacomModell].treshold) ) ox=x; oy=y; ++ || abs(y-oy)>(wmaxy/wcmodell[WacomModell].treshold) ) { ox=x; oy=y; } + + state->dx= (x-ox) / (wmaxx / win.ws_col / wcmodell[WacomModell].treshold); + state->dy= (y-oy) / (wmaxy / win.ws_row / wcmodell[WacomModell].treshold); +diff --git a/src/prog/gpm-root.y b/src/prog/gpm-root.y +index 76c896c..ded326a 100644 +--- a/src/prog/gpm-root.y ++++ b/src/prog/gpm-root.y +@@ -555,12 +555,15 @@ int f_jptty(int mode, DrawItem *self, int uid) + } /*if*/ + if (ioctl(fd, VT_ACTIVATE, i)<0) { + gpm_report(GPM_PR_ERR, "%s: %s", consolename,strerror(errno)); ++ close(fd); + return 1; + } /*if*/ + if (ioctl(fd, VT_WAITACTIVE, i)<0) { + gpm_report(GPM_PR_ERR, "%s: %s", consolename,strerror(errno)); ++ close(fd); + return 1; + } ++ close(fd); + default: return 0; + } + return 0; /* silly gcc -Wall */ +@@ -586,14 +589,17 @@ int f_mktty(int mode, DrawItem *self, int uid) + } /*if*/ + if (ioctl(fd, VT_OPENQRY, &vc)<0) { + gpm_report(GPM_PR_ERR, "%s: %s",consolename, strerror(errno)); ++ close(fd); + return 1; + } /*if*/ + switch(pid=fork()) { + case -1: + gpm_report(GPM_PR_ERR, "fork(): %s", strerror(errno)); ++ close(fd); + return 1; + case 0: /* child: exec getty */ + sprintf(name,"tty%i",vc); ++ close(fd); + execl("/sbin/mingetty","mingetty",name,(char *)NULL); + exit(1); /* shouldn't happen */ + default: /* father: jump to the tty */ +@@ -601,8 +607,10 @@ int f_mktty(int mode, DrawItem *self, int uid) + ,pid,vc); + consolepids[vc]=pid; + 
sprintf(self->arg,"%i",vc); ++ close(fd); + return f_jptty(mode,self,uid); + } ++ close(fd); + default: return 0; + } + return 0; diff --git a/gpm-1.20.7.tar.xz b/gpm-1.20.7.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..9afc73c51a43cf6429a391e21df0ad66dac1d651 Binary files /dev/null and b/gpm-1.20.7.tar.xz differ diff --git a/gpm.service b/gpm.service index 7ae0120ed6d3b4d7e23693e58941beffe15d5787..23007fc1965b83aede9fa4c25b1f28e49fcdb6e7 100644 --- a/gpm.service +++ b/gpm.service @@ -1,5 +1,5 @@ [Unit] -Description=Console Mouse Manager +Description=Console Mouse manager ConditionVirtualization=!container # This could probably benefit from socket activation, but honestly I think it @@ -7,27 +7,9 @@ ConditionVirtualization=!container # to add socket activation here. [Service] -ExecStart=gpm -m /dev/input/mice -t exps2 +ExecStart=/usr/sbin/gpm -m /dev/input/mice -t exps2 Type=forking PIDFile=/run/gpm.pid -ProtectSystem=full -ProtectHome=yes -ProtectProc=invisible -ProtectControlGroups=yes -ProtectKernelTunables=yes -PrivateNetwork=yes -CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_SYS_ADMIN -DeviceAllow=char-tty -DeviceAllow=char-input -# See also https://github.com/systemd/systemd/pull/21350 -SystemCallFilter=@basic-io @io-event @network-io @file-system @process @signal ioctl mprotect setsid -SystemCallArchitectures=native -SystemCallErrorNumber=EPERM -RestrictAddressFamilies=AF_UNIX - -# Note that "special commands" are disallowed by default. -# To enable, add '-S' to ExecStart= line, and tweak the SystemCallFilter= as appropriate. - [Install] WantedBy=multi-user.target diff --git a/gpm.spec b/gpm.spec index 019e6c67fa9b1454cdc33b3e24600f8811b4012d..4d856732395610b5073901ee830ec02e6ac93fee 100644 --- a/gpm.spec +++ b/gpm.spec 
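Review bot: In the check_uniqueness.c part of the added patch, the result of `fscanf(fp, "%d", &old_pid)` is still ignored, so an empty or malformed pid file leaves `old_pid` at whatever value it held before, and that value is passed to `kill(old_pid,0)`. A zero or negative value makes `kill()` address a process group rather than one process, so the liveness check then says nothing about a running gpm. While these lines are being touched, the read could be guarded with `if (fscanf(fp, "%d", &old_pid) != 1 || old_pid <= 0)` and that case treated as a stale pid file; the declaration of `old_pid` is outside the hunk, so its initial value should be confirmed. Separately, in f_mktty the last added `close(fd);` before `default: return 0;` is unreachable, because every branch of the `switch(pid=fork())` above it returns or exits, and it can be dropped.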
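Review bot: The second gpm.service hunk removes every sandboxing directive from `[Service]` (`ProtectSystem=`, `ProtectHome=`, `ProtectProc=`, `PrivateNetwork=`, `CapabilityBoundingSet=`, `DeviceAllow=`, `SystemCallFilter=`, `RestrictAddressFamilies=` and the others), and neither a comment in the unit nor the changelog entry gives a reason. Without them the daemon runs in the default service environment, with no capability, device, syscall or filesystem restriction. If one directive conflicts with the rebuilt binary, remove only that one and record why in a comment above it. Otherwise the block should stay, at minimum `CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_SYS_ADMIN`, `PrivateNetwork=yes` and `RestrictAddressFamilies=AF_UNIX`.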
@@ -1,15 +1,16 @@ -%define anolis_release 5 +%define anolis_release 6 %global LIBVER 2.1.0 Name: gpm -Version: 1.20.7 +Version: 1.20.7 Release: %{anolis_release}%{?dist} Summary: A mouse server for the Linux console License: GPLv2 and OFSFDL URL: http://www.nico.schottelius.org/software/gpm/ Source0: https://github.com/telmich/gpm/archive/refs/tags/1.20.7.tar.gz Source1: gpm.service +Source2: gpm-1.20.7.tar.xz Patch1: 0001-typo-1.20.5-should-have-been-1.20.6.patch Patch2: 0002-switch-to-xz.patch @@ -39,6 +40,7 @@ Patch25: 0025-Add-include-string.h.patch Patch26: 0026-Update-liblow.c-for-musl-compatible.patch Patch27: 0027-Aligned-comments.patch Patch28: 0028-src-headers-daemon.h-avoid-redefinition-of-last_sele.patch +Patch29: gpm-1.20.7-covscan.patch Requires(post): info Requires(preun): info @@ -46,6 +48,8 @@ Requires(preun): info BuildRequires: sed gawk texinfo bison ncurses-devel libtool libcap-ng-devel BuildRequires: systemd-rpm-macros BuildRequires: gcc gcc-c++ make autoconf +BuildRequires: systemd +BuildRequires: automake Requires: linuxconsoletools Requires: %{name}-libs = %{version}-%{release} @@ -152,6 +156,9 @@ rm -rf %{buildroot}%{_initrddir} %changelog +* Thu Aug 14 2025 wenyuzifang - 1.20.7-6 +- Apply patch to fix resource leaks, memory safety issues, and code correctness for stable and secure software operation + Resolves: #1938733 * Thu Dec 28 2023 happy_orange - 1.20.7-5 - fix the source error
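Review bot: `Source2: gpm-1.20.7.tar.xz` in the first gpm.spec hunk adds a binary tarball committed to the repository with no upstream URL and no recorded checksum, while `Source0` already names the upstream 1.20.7 archive. Which of the two `%prep` unpacks is outside the visible hunks. If Source2 is the one that gets built, state its origin in a comment next to the tag, for example `# Source2: repacked from Source0, sha256 <CHECKSUM-PLACEHOLDER>`, and drop whichever source is unused. The new changelog entry describes only the covscan patch and should also mention the gpm.service change made in the same commit.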