# # spec file for package libpng12 # # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # %define major 1 %define minor 2 %define micro 59 %define branch %{major}%{minor} %define libname libpng%{branch}-0 Name: libpng12 Url: http://www.libpng.org/pub/png/libpng.html Version: %{major}.%{minor}.%{micro} Release: 2.2 Summary: Library for the Portable Network Graphics Format (PNG) License: Zlib Group: Development/Libraries/C and C++ Source: http://downloads.sourceforge.net/project/libpng/%{name}/%{version}/libpng-%{version}.tar.xz Source2: baselibs.conf Patch0: libpng-1.2.51-CVE-2013-7353.patch Patch1: libpng-1.2.51-CVE-2013-7354.patch BuildRequires: libtool BuildRequires: pkg-config BuildRequires: zlib-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build %define debug_package_requires %{libname} = %{version}-%{release} %package -n %{libname} Summary: Library for the Portable Network Graphics Format (PNG) # bug437293 Group: System/Libraries %ifarch ppc64 Obsoletes: libpng-64bit %endif # Obsoletes: libpng < %{version} Provides: libpng = %{version}-%{release} %package devel Summary: Development tools for applications which will use libpng Group: Development/Libraries/C and C++ Requires: %{libname} = %{version} Requires: glibc-devel Requires: pkg-config Requires: zlib-devel Recommends: libpng%{branch}-compat-devel # bug437293 %ifarch ppc64 Obsoletes: libpng-devel-64bit %endif # %package compat-devel Summary: Development tools for applications which will use libpng Group: Development/Libraries/C and C++ Requires: libpng%{branch}-devel = %{version} Provides: libpng-devel = %{version} Obsoletes: libpng-devel < 1.2.43 Conflicts: otherproviders(libpng-devel) %description libpng is the official reference library for the Portable Network Graphics format (PNG). %description -n %{libname} libpng is the official reference library for the Portable Network Graphics format (PNG). %description devel The libpng%{branch}-devel package includes the header files, libraries, configuration files and development tools necessary for compiling and linking programs which will manipulate PNG files using libpng%{branch}. libpng is the official reference library for the Portable Network Graphics (PNG) format. %description compat-devel The libpng%{branch}-compat-devel package contains unversioned symlinks to the header files, libraries, configuration files and development tools necessary for compiling and linking programs that don't care about libpng version. %prep %setup -n libpng-%{version} %patch0 %patch1 %build # PNG_SAFE_LIMITS_SUPPORTED: http://www.openwall.com/lists/oss-security/2015/01/10/1 export CFLAGS="%optflags -O3 -DPNG_SAFE_LIMITS_SUPPORTED -DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)" export LDFLAGS="-Wl,-z,relro,-z,now" %configure \ --disable-static # \ # --with-libpng-compat=no make %{?_smp_mflags} %check make -j1 check %install make install DESTDIR=$RPM_BUILD_ROOT rm $RPM_BUILD_ROOT/%{_libdir}/libpng*.la %post -n %{libname} -p /sbin/ldconfig %postun -n %{libname} -p /sbin/ldconfig %files -n %{libname} %defattr(-,root,root) %{_libdir}/libpng%{branch}.so.* %{_libdir}/libpng.so.* %files devel %defattr(-,root,root) %{_bindir}/libpng%{branch}-config %{_includedir}/libpng%{branch} %{_libdir}/libpng%{branch}.so %{_libdir}/pkgconfig/libpng%{branch}.pc %doc CHANGES README TODO ANNOUNCE LICENSE libpng-*.txt %files compat-devel %defattr(-,root,root) %{_bindir}/libpng-config %{_includedir}/*.h %{_libdir}/libpng.so %{_libdir}/pkgconfig/libpng.pc %doc %{_mandir}/man3/libpng.3.gz %doc %{_mandir}/man3/libpngpf.3.gz %doc %{_mandir}/man5/png.5.gz %changelog * Wed Jan 31 2018 pgajdos@suse.com - check with -j1, be explicit * Tue Jan 30 2018 jengelh@inai.de - Fix SRPM group and grammar issues. * Mon Jan 2 2017 pgajdos@suse.com - updated to 1.2.57: fixes CVE-2016-10087 * Thu Dec 17 2015 pgajdos@suse.com - updated to 1.2.56: Fixed an out-of-range read in png_check_keyword() (Bug report from Qixue Xiao, CVE-2015-8540). Added keyword checks to pngset.c * Thu Dec 3 2015 pgajdos@suse.com - updated to 1.2.55: Avoid potential pointer overflow in png_handle_iTXt(), png_handle_zTXt(), png_handle_sPLT(), and png_handle_pCAL() (Bug report by John Regehr). Fixed incorrect implementation of png_set_PLTE() that uses png_ptr not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126 vulnerability. * Fri Nov 13 2015 pgajdos@suse.com - updated to 1.2.54 * Fri Aug 7 2015 pgajdos@suse.com - build in build section * Fri Feb 27 2015 pgajdos@suse.com - updated to 1.2.53: Issue a png_error() instead of a png_warning() when width is potentially too large for the architecture, in case the calling application has overridden the default 1,000,000-column limit (fixes CVE-2014-9495 and CVE-2015-0973). Display user limits in the output from pngtest. Changed PNG_USER_CHUNK_MALLOC_MAX from unlimited to 8,000,000. This can only be changed at library-build time. It only affects the maximum memory that can be allocated to an ancillary chunk; it does not limit the size of IDAT data, which is instead limited by PNG_USER_WIDTH_MAX. * Mon Jan 19 2015 olaf@aepfle.de - Fix CVE-2013-7354.patch, include limits.h for INT_MAX * Thu Nov 20 2014 pgajdos@suse.com - updated to 1.2.52: * Avoid out-of-bounds memory access while checking version string. * Tue Apr 22 2014 pgajdos@suse.com - security update: * CVE-2013-7353.patch [bnc#873124] * CVE-2013-7354.patch [bnc#873123] * Fri Feb 7 2014 pgajdos@suse.com - updated to 1.2.51: Ignore, with a warning, out-of-range value of num_trans in png_set_tRNS(). Replaced AM_CONFIG_HEADER(config.h) with AC_CONFIG_HEADERS([config.h]) in configure.ac Changed default value of PNG_USER_CACHE_MAX from 0 to 32767 in pngconf.h. Avoid a possible memory leak in contrib/gregbook/readpng.c Revised libpng.3 so that "doclifter" can process it. Changed '"%%s"m' to '"%%s" m' in png_debug macros to improve portability among compilers. Rebuilt the configure scripts with autoconf-2.69 and automake-1.14.1 Removed potentially misleading warning from png_check_IHDR(). Quiet set-but-not-used warnings in pngset.c Quiet an uninitialized memory warning from VC2013 in png_get_png(). Quiet unused variable warnings from clang by porting PNG_UNUSED() from libpng-1.4.6. Added -DZ_SOLO to CFLAGS in contrib/pngminim/*/makefile Added an #ifdef PNG_FIXED_POINT_SUPPORTED/#endif in pngset.c * Wed Apr 17 2013 coolo@suse.com - add conflicts in -32bit package * Mon Apr 15 2013 mmeister@suse.com - Added url as source. Please see http://en.opensuse.org/SourceUrls * Wed Oct 24 2012 jengelh@inai.de - Add missing baselib requires for compat-devel-32bit * Wed Jul 11 2012 pgajdos@suse.com - updated to 1.2.50: Changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386. * Thu Mar 29 2012 pgajdos@suse.com - updated to 1.2.49: [bnc#754745] Revised png_set_text_2() to avoid potential memory corruption (fixes CVE-2011-3048). Prevent PNG_EXPAND+PNG_SHIFT doing the shift twice. * Wed Mar 14 2012 pgajdos@suse.com - updated to 1.2.48: * fixed CVE-2011-3045 [bnc#752008] * Mon Feb 20 2012 pgajdos@suse.com - updated to 1.2.47: * fixed CVE-2011-3026 [bnc#747311] * Thu Dec 1 2011 idoenmez@suse.de - Name field shouldn't contain a macro * Thu Dec 1 2011 coolo@suse.com - add libtool as buildrequire to avoid implicit dependency * Wed Oct 5 2011 uli@suse.com - cross-build fix: use %%configure macro * Tue Jul 12 2011 pgajdos@novell.com - updated to 1.2.46: * fixed CVE-2011-2501 [bnc#702578] * Mon Aug 30 2010 coolo@novell.com - fix baselibs.conf after previous change * Thu Jul 29 2010 pgajdos@suse.cz - add devel packages to baselibs.conf [bnc#625883] * Mon Jun 28 2010 pgajdos@suse.cz - updated to 1.2.44: fixed libpng overflow (CVE-2010-1205) and memory leak [bnc#617866] * Fri Jun 4 2010 coolo@novell.com - remove the devel packages from baselibs.conf, not convinced of their usefulness * Sat Apr 24 2010 coolo@novell.com - buildrequire pkg-config to fix provides * Thu Feb 25 2010 pgajdos@suse.cz - updated to 1.2.43 (fixes [bnc#585403]): * Removed "#define PNG_NO_ERROR_NUMBERS" that was inadvertently added to pngconf.h in version 1.2.41. * Removed leftover "-DPNG_CONFIGURE_LIBPNG" from scripts/makefile.darwin and contrib/pngminim/*/makefile * Relocated png_do_chop() to its original position in pngrtran.c; the change in version 1.2.41beta08 caused transparency to be handled wrong in some 16-bit datastreams (Yusaku Sugai). * Renamed libpng-pc.in back to libpng.pc.in and revised CMakeLists.txt (revising changes made in 1.2.41) * Swapped PNG_UNKNOWN_CHUNKS_SUPPORTED and PNG_HANDLE_AS_UNKNOWN_SUPPORTED in pngset.c to be consistent with other changes in version 1.2.38. * Avoid deprecated references to png_ptr-io_ptr and png_ptr->error_ptr in pngtest.c * Mon Dec 14 2009 jengelh@medozas.de - add baselibs.conf as a source * Mon Dec 7 2009 pgajdos@suse.cz - updated to 1.2.41: contains numerous cleanups, some new compile-time warnings about direct struct access (define PNG_NO_PEDANTIC_WARNINGS to enable), a new xcode build project, and a minor performance improvement (avoid building 16-bit gamma tables when not needed) * Tue Nov 24 2009 pgajdos@suse.cz - updated to 1.2.40: Removed an extra png_debug() recently added to png_write_find_filter(). Fixed incorrect #ifdef in pngset.c regarding unknown chunk support. Various bugfixes and improvements to CMakeLists.txt (Philip Lowman) * Tue Nov 3 2009 coolo@novell.com - updated patches to apply with fuzz=0 * Thu Aug 13 2009 pgajdos@suse.cz - updated to 1.2.39: * Added a prototype for png_64bit_product() in png.c * Avoid a possible NULL dereference in debug build, in png_set_text_2() * Relocated new png_64_bit_product() prototype into png.h * Replaced *.tar.lzma with *.txz in distribution. * Reject attempt to write iCCP chunk with negative embedded profile length. * Mon Jul 20 2009 pgajdos@suse.cz - updated to 1.2.38: * Revised libpng*.txt and libpng.3 to mention calling png_set_IHDR() multiple times and to specify the sample order in the tRNS chunk, because the ISO PNG specification has a typo in the tRNS table. * Changed several PNG_UNKNOWN_CHUNK_SUPPORTED to PNG_HANDLE_AS_UNKNOWN_SUPPORTED, to make the png_set_keep mechanism available for ignoring known chunks even when not saving unknown chunks. * Adopted preference for consistent use of "#ifdef" and "#ifndef" versus "#if defined()" and "if !defined()" where possible. * Added PNG_NO_HANDLE_AS_UNKNOWN in the PNG_LEGACY_SUPPORTED block of pngconf.h, and moved the various unknown chunk macro definitions outside of the PNG_READ|WRITE_ANCILLARY_CHUNK_SUPPORTED blocks. * Thu Jun 4 2009 pgajdos@suse.cz - updated to 1.2.37: * fixed bug with new png_memset() of the big_row_buffer * Tue May 12 2009 pgajdos@suse.cz - updated to 1.2.36 (see CHANGES) * Mon Feb 23 2009 pgajdos@suse.cz - fixes possible double free [bnc#472745] (CVE-2009-0040) * Mon Jan 19 2009 pgajdos@suse.cz - updated to 1.2.34: * fixes CVE-2008-3964 (removed CVE-2008-3964.patch) * Tue Jan 13 2009 olh@suse.de - obsolete old -XXbit packages (bnc#437293) * Mon Sep 15 2008 pgajdos@suse.cz - fixed CVE-2008-3964 [bnc#424739] * CVE-2008-3964.patch * Thu Sep 11 2008 pgajdos@suse.cz - updated to version 1.2.31: * coding bugfixes and enhancements * Mon Sep 1 2008 aj@suse.de - Do not package la files. * Mon Jun 23 2008 pgajdos@suse.cz - updated to 1.2.29: * fixes to the configure-related build-scripts * security fix that affects programs that attempt to do special handling of unknown PNG chunks (presumably very few such programs), along with a reversion to previous behavior for handling of images with out-of-range tRNS-chunk values [bnc#378634] * fix for unintentional gray-to-RGB conversion in png_set_expand_gray_1_2_4_to_8() * various other minor fixes - removed makefile-am.patch, issue fixed upstream * Sun May 11 2008 coolo@suse.de - fix rename of xxbit packages * Tue Apr 22 2008 pgajdos@suse.cz - $(ECHO) substituted by echo in Makefile.in -- fixes package build in beta (makefile-am.patch) * Thu Apr 10 2008 ro@suse.de - added baselibs.conf file to build xxbit packages for multilib support * Thu Apr 3 2008 pgajdos@suse.cz - updated to 1.2.26: * fixed minor coding errors that could lead to crashes in exceptional cases * Thu Dec 6 2007 mrueckert@suse.de - added provides/obsoletes for the old package * Fri Nov 30 2007 nadvornik@suse.cz - updated to 1.2.23: * more sanity checks, fixes [#332249] - adjusted to Shared Library Policy: * renamed package libpng to libpng12-0 * created compatibility package libpng3 * Wed Jul 11 2007 nadvornik@suse.cz - updated to 1.2.18: * security fixes merged upstream * Thu Mar 29 2007 aj@suse.de - Add zlib-devel to BuildRequires. * Thu Nov 23 2006 nadvornik@suse.cz - fixed crash on malformed sPLT chunks CVE-2006-5793 [#219007] * Mon Jul 17 2006 nadvornik@suse.cz - make sure PNG_NO_ASSEMBLER_CODE is used consistently * Thu Jun 29 2006 nadvornik@suse.cz - updated to 1.2.12: * fixed possible buffer overflow [#189241] * Wed Jun 21 2006 nadvornik@suse.cz - updated to 1.2.10: * use autoconf * many bugfixes - libpng12-config no longer gives -Wl,-rpath,/usr/lib [#168627] - spec file cleanup * Fri Feb 24 2006 nadvornik@suse.cz - removed libpng-64bit.diff [#153106] * Wed Jan 25 2006 mls@suse.de - converted neededforbuild to BuildRequires * Thu Jan 12 2006 nadvornik@suse.cz - compile with -fstack-protector * Mon Oct 10 2005 nadvornik@suse.cz - fixed incorrect inline asm usage * Thu May 19 2005 ro@suse.de - fix libdir in pkgconfig file libpng.pc * Thu Jan 20 2005 nadvornik@suse.cz - updated to 1.2.8: * fixed crash of applications that strip the alpha channel * fixed invalid zlib header within the PNG datastream * Mon Sep 27 2004 sf@suse.de - fixed problem with wrong assumption for long on 64bit archs which prevents khunphan from working (#45738) * Wed Aug 25 2004 kukuk@suse.de - Avoid /bin/sh PreRequires * Mon Aug 16 2004 nadvornik@suse.cz - updated to 1.2.6: included security fixes * Mon Jul 19 2004 nadvornik@suse.cz - fixed several buffer overflows [#43008] * Wed Jun 16 2004 nadvornik@suse.cz - added missing part of pngtran overflow patch [#42043] * Fri Apr 23 2004 nadvornik@suse.cz - fixed reading behind end of string [#39180] * Sat Jan 10 2004 adrian@suse.de - build as user * Fri Oct 10 2003 adrian@suse.de - add %%run_ldconfig * Mon Apr 7 2003 ro@suse.de - fix tail calling syntax * Mon Feb 10 2003 nadvornik@suse.cz - link the shared library with -lz -lm -lc again * Wed Jan 29 2003 kukuk@suse.de - Fix libpng-devel requires (add zlib-devel) [Bug #23154] * Fri Jan 24 2003 sbrabec@suse.cz - Added missing pkgconfig files to %%files. * Tue Jan 7 2003 nadvornik@suse.cz - updated to 1.2.5 - fixed buffer overflow * Wed Jul 31 2002 coolo@suse.de - fix libz dependency, so the resulting libpng is self containing * Fri Jul 26 2002 adrian@suse.de - fix neededforbuild * Wed Jul 24 2002 nadvornik@suse.cz - updated to 1.2.4: - fixed buffer overflow in pngpread.c when IDAT is corrupted with extra data * Fri Jul 12 2002 schwab@suse.de - Fix makefile. * Fri Jul 5 2002 kukuk@suse.de - Use %%ix86 macro * Tue Jul 2 2002 nadvornik@suse.cz - updated to 1.2.3 - changed package version to match the version of source tarball * Tue Mar 5 2002 nadvornik@suse.cz - fixed permissions for man pages * Tue Feb 5 2002 nadvornik@suse.cz - added Provides: libpng:/usr/include/png.h to libpng-devel * Thu Jan 31 2002 nadvornik@suse.cz - back to 1.0.12, libpng 1.2.x will be packed in separate package - created devel subpackage to allow parallel instalation of shared libraries * Wed Jan 9 2002 nadvornik@suse.cz - update to 1.2.1 - used macros %%{_lib} and %%{_libdir} * Tue Dec 4 2001 nadvornik@suse.cz - update to 1.2.0 - shared library version changed to 3.1.2.0 - new API for dynamically enabling and disabling certain optimizations - added Provides: libpng-devel for compatibility [bug #11978] * Tue Jul 17 2001 nadvornik@suse.cz - update to 1.0.12 * Tue Apr 3 2001 nadvornik@suse.cz - update to 1.0.10 - used pnggccrd.c - MMX support on intel * Tue Feb 13 2001 nadvornik@suse.cz - update to 1.0.9 * Fri Jan 19 2001 bk@suse.de - call pngtest program to have some tests that libpng works. - don't remove -O3 when adding RPM_OPT_FLAGS(still do -O3 optimisations) * Thu Jan 4 2001 nadvornik@suse.cz - changed rpm version to 2.1.0.8 (bug #5062) - changed shared library name to libpng.so.2.1.0.8 * Wed Aug 23 2000 nadvornik@suse.cz - update to 1.0.8 * Tue Jul 11 2000 adrian@suse.de - seg fault fix in pngrutil.c * Mon May 22 2000 nadvornik@suse.cz - changed group - changed URL * Sat Apr 29 2000 kukuk@suse.de - Make sure libpng.so.2 is linked against libz to avoid problems with missing dependencies. * Mon Apr 10 2000 nadvornik@suse.cz - added URL * Tue Apr 4 2000 nadvornik@suse.cz - update to 1.0.6 - added BuildRoot * Tue Jan 25 2000 ro@suse.de - update to 1.0.5 - manpages to /usr/share using macro * Mon Sep 13 1999 bs@suse.de - ran old prepare_spec on spec file to switch to new prepare_spec. * Tue Jun 29 1999 ro@suse.de - moved from /usr/X11R6 to /usr * Mon Jun 28 1999 ro@suse.de - update to 1.0.3 * Wed Feb 17 1999 ro@suse.de - added .so.2 link * Fri Jan 22 1999 ro@suse.de - bump version to 2.1.0 (the version of the installed library) * Fri Mar 20 1998 ro@suse.de - extracted package from libgr tree update to version 1.0.1