!7 Fix CVE-2024-24258 and CVE-2024-24259

From: @wk333 
Reviewed-by: @starlet-dx 
Signed-off-by: @starlet-dx

CVE-2024-24258-and-CVE-2024-24259.patch

@@ -0,0 +1,51 @@
+From 9ad320c1ad1a25558998ddfe47674511567fec57 Mon Sep 17 00:00:00 2001
+From: Sebastian Rasmussen <sebras@gmail.com>
+Date: Mon, 12 Feb 2024 14:46:22 +0800
+Subject: [PATCH] Plug memory leak that happens upon error.
+
+Origin: https://github.com/freeglut/freeglut/commit/9ad320c1ad1a25558998ddfe47674511567fec57
+
+If fgStructure.CurrentMenu is set when glutAddMenuEntry() or
+glutAddSubMenu() is called the allocated menuEntry variable will
+leak. This commit postpones allocating menuEntry until after the
+error checks, thereby plugging the memory leak.
+
+This fixes CVE-2024-24258 and CVE-2024-24259.
+---
+ src/fg_menu.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/fg_menu.c b/src/fg_menu.c
+index 53112dc21..0da88901d 100644
+--- a/src/fg_menu.c
++++ b/src/fg_menu.c
+@@ -864,12 +864,12 @@ void FGAPIENTRY glutAddMenuEntry( const char* label, int value )
+ {
+     SFG_MenuEntry* menuEntry;
+     FREEGLUT_EXIT_IF_NOT_INITIALISED ( "glutAddMenuEntry" );
+-    menuEntry = (SFG_MenuEntry *)calloc( sizeof(SFG_MenuEntry), 1 );
+ 
+     freeglut_return_if_fail( fgStructure.CurrentMenu );
+     if (fgState.ActiveMenus)
+         fgError("Menu manipulation not allowed while menus in use.");
+ 
++    menuEntry = (SFG_MenuEntry *)calloc( sizeof(SFG_MenuEntry), 1 );
+     menuEntry->Text = strdup( label );
+     menuEntry->ID   = value;
+ 
+@@ -888,7 +888,6 @@ void FGAPIENTRY glutAddSubMenu( const char *label, int subMenuID )
+     SFG_Menu *subMenu;
+ 
+     FREEGLUT_EXIT_IF_NOT_INITIALISED ( "glutAddSubMenu" );
+-    menuEntry = ( SFG_MenuEntry * )calloc( sizeof( SFG_MenuEntry ), 1 );
+     subMenu = fgMenuByID( subMenuID );
+ 
+     freeglut_return_if_fail( fgStructure.CurrentMenu );
+@@ -897,6 +896,7 @@ void FGAPIENTRY glutAddSubMenu( const char *label, int subMenuID )
+ 
+     freeglut_return_if_fail( subMenu );
+ 
++    menuEntry = ( SFG_MenuEntry * )calloc( sizeof( SFG_MenuEntry ), 1 );
+     menuEntry->Text    = strdup( label );
+     menuEntry->SubMenu = subMenu;
+     menuEntry->ID      = -1;

freeglut.spec

@@ -0,0 +1,81 @@
+Name:           freeglut
+Version:        3.4.0
+Release:        2
+Summary:        A freely licensed alternative to the GLUT library
+License:        MIT
+URL:            http://freeglut.sourceforge.net
+Source0:        https://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
+Source1:        https://downloads.sourceforge.net/openglut/openglut-0.6.3-doc.tar.gz
+Patch0:         CVE-2024-24258-and-CVE-2024-24259.patch
+
+BuildRequires:  gcc gcc-c++ cmake libXi-devel libICE-devel
+BuildRequires:  pkgconfig libGLU-devel libXext-devel libXxf86vm-devel
+Provides:       glut = 3.7
+Obsoletes:      glut < 3.7
+
+%description
+Freeglut is a free-software/open-source alternative to the OpenGL Utility
+Toolkit (GLUT) library. GLUT was originally written to support the sample
+programs in the second edition OpenGL 'RedBook'. Since then, GLUT has been used
+in a wide variety of practical applications because it is simple, widely
+available and highly portable.
+
+%package devel
+Summary:        Freeglut developmental libraries and header files
+Requires:       %{name} = %{version}-%{release} libGL-devel libGLU-devel
+Provides:       glut-devel = 3.7
+Obsoletes:      glut-devel < 3.7
+
+%description devel
+This package provides developmental libraries and header files required for
+developing or compilingsoftware which links to the freeglut library.
+
+%package help
+Summary:        Help information and man pages for freeglut
+
+%description help
+This package privides man-pages and involved help info for freeglut
+
+%prep
+%autosetup -n %{name}-%{version} -a 1 -p1
+
+%build
+%{cmake} -DFREEGLUT_BUILD_STATIC_LIBS=OFF .
+%make_build
+
+%install
+%make_install
+install -d $RPM_BUILD_ROOT/%{_mandir}/man3
+install -p -m 644 doc/man/*.3 $RPM_BUILD_ROOT/%{_mandir}/man3
+
+%post
+/sbin/ldconfig
+%postun
+/sbin/ldconfig
+
+%files
+%doc AUTHORS ChangeLog COPYING
+%{_libdir}/libglut.so.3*
+
+%files devel
+%{_includedir}/GL/*.h
+%{_libdir}/libglut.so
+%{_libdir}/pkgconfig/glut.pc
+%{_libdir}/cmake/FreeGLUT/*
+
+%files help
+%{_mandir}/man3/*
+%doc README.md doc/html/*.png doc/html/*.html
+
+%changelog
+* Sun Feb 18 2024 wangkai <13474090681@163.com> - 3.4.0-2
+- Fix CVE-2024-24258 and CVE-2024-24259
+
+* Tue Oct 17 2023 wangkai <13474090681@163.com> - 3.4.0-1
+- Update to 3.4.0
+
+* Fri Jul 30 2021 linjiaxin5 <linjiaxin5@huawei.com> - 3.0.0-11
+- Fix failure caused by GCC upgrade to 10
+
+* Fri Nov 22 2019 sunguoshuai <sunguoshuai@huawei.com> - 3.0.0-10
+- Package init.

freeglut.yaml

@@ -0,0 +1,4 @@
+version_control: github
+src_repo: FreeGLUTProject/freeglut
+tag_prefix: ^v
+separator: .